Configuring the authorization plugin for Kong Gateway
Learn how to configure the authorization plugin to set up a connection between Kong Gateway and PingOne.
Before you begin
Make sure the pingoneauthorize-api-tutorials
container is running in Docker.
Steps
-
To access Kong Manager, go to http://localhost:8002.
-
Select your default workspace, and then go to API Gateway > Plugins.
The
ping-auth
plugin is already installed in your tutorial environment. Now you’ll configure it. -
Click Edit, and then click the toggle to enable the plugin.
Next, you’ll enter the service URL by copying it from PingOne Authorize.
-
In PingOne, go to Authorization > API Gateways.
This is where you register the gateway and authorize it to work with PingOne.
-
Copy the Service URL and enter it in the Config.Service Url field in Kong Manager.
You need a credential to authorize Kong Gateway to connect to PingOne. First, add the gateway.
-
In PingOne, click the icon next to API Gateways to add a gateway.
-
Enter
Kong
for the name of the gateway, and then click Save.Next you’ll get the gateway credential to authorize Kong.
-
Click the icon next to Credentials and copy the credential. Click Done.
-
Enter the credential in the Config.Shared Secret field in Kong Manager.
-
Click Update, and then click Update Plugin.
Result:
Kong Gateway is configured to work with PingOne. Try the Postman request again to see if access has changed.
-
In Postman, select the Get all memes by user.0 request and click Send.
Result:
You receive a
404 Not Found
error. This is because PingOne doesn’t recognize the Meme Game API yet. By default, requests to unknown APIs fail closed, ensuring that access to an unknown API is blocked.Troubleshooting:
Not getting the right results? Learn more in Viewing API Access Management events in your PingOne environment audit log.
Result
Now you have Kong Gateway connected to PingOne so that you can manage its access control behavior in PingOne.
Next steps
In the last step, the request was blocked because PingOne isn’t configured to recognize the Meme Game API yet. Let’s tackle that next.