Product Releases
December 7, 2022
5 min read

What’s New In Kong Enterprise 3.1?

Syed Mahmood

We're excited to announce the general availability of Kong Enterprise 3.1. In Kong Enterprise 3.1, we build on the foundation of our plugin ecosystem by introducing five new plugins and enhancing the functionality of existing ones. These include:

  • AppDynamics
  • SAML2
  • OpenAPI Specification (OAS) validation
  • JWE Decryption
  • XML Threat Protection
  • Mocking plugin – Enhancement

We'll explore the ins and outs of each of these plugins below. But first let's talk about why plugins are such an important part of Kong's solutions.

Plugins Are a Functionality Multiplier for APIs

Just as APIs are the backbone of every modern application, plugins have become the functionality multiplier for APIs. Plugins are an integral part of Kong's solutions as they extend Kong Gateway and Kong Konnect's capabilities. Plugins keep the underlying core gateway footprint lightweight and performant as the value-added API management functionality is delivered by the plugin-oriented architecture.

You can take advantage of the most comprehensive plugin ecosystem that currently stands at over 100 plugins available to our Enterprise customers. These plugins provide critical functionality including traffic control, authentication, logging, observability and much more.

Plugins make Kong Gateway highly customizable and easy to use as you can add, configure, and remove a plugin via Kong Manager UI, Admin API call, or declaratively via Kong decK.

Kong plugins also provide their own configuration schema that's automatically validated by Kong Core and delivered by the PDK (Plugin Development Kit) to keep the performance high.

New Kong Enterprise Plugins

AppDynamics Plugin

Mean time to repair or MTTR is a useful metric for DevOps teams to assess their efficiency by measuring how quickly a component or a system can be repaired and brought back online.

The AppDynamics plugin provides incident data to AppDynamics, an application observability platform used by enterprises to identify and address the root causes of application performance issues. The IT and DevOps teams can triage the issue faster and lower the MTTR by providing incident data to AppDynamics agent in its native format through out of the box integration. At the same time the development teams can spend time and resources on value-add tasks rather than building the integration between two platforms.

With Kong Gateway Enterprise 3.1 customers will be able to see their entire API call journey from their AppDynamics controller, starting with web or mobile front end through Kong Gateway, to the backend micro service invocation.

Diagram 1: AppDynamics plugin support in Kong Gateway Enterprise

The plugin is highly performant as it is based on AppDynamics C++ SDK, and integrates seamlessly with customer's existing AppDynamics landscape whether it happens to be on premises or in the cloud.

*This plugin needs to be manually enabled and Kong Gateway needs to be reloaded.

SAML 2.0 Plugin

Security Assertion Markup Language — or SAML 2.0 — is a widely used open standard to authenticate users through single sign-on (SSO). The SAML 2 plugin in Kong Enterprise 3.1 enables you to authenticate users against Kong Gateway using Microsoft Active Directory for a more seamless experience.

Figure 2: SAML 2.0 plugin

Additional identity provider(IdP) support may be provided in the upcoming releases.

OpenAPI Specification (OAS) Validation Plugin

The OpenAPI Specification is an industry standard for describing modern APIs for HTTP including RESTful APIs. The OAS Validation plugin validates your request and response format against a standard API definition.

This helps API consumers to send their request with all mandatory data fields in query parameters, headers and payload, and also does the same sets of upstream service responses check on the way back.

Even better, you can use a webhook to post a notification to an configurable endpoint, where you can see why an API request or response failed to pass the validation, and assist you to carry out the root cause analysis later.

*This plugin needs to be manually enabled and Kong Gateway needs to be reloaded.

JWE Decryption Plugin

Open banking involves financial services institutions to share their customer's data with each other via APIs. This empowers customers to make investments and execute transactions on a global basis. The JSON Web Encryption or JWE specification standardizes the representation of encrypted content in a JSON-based data structure.

JWE Decryption plugin in 3.1 can be used to decrypt the content of a JWT token entering and exiting the gateway. The decryption plugin enables Kong Enterprise to receive encrypted JSON web tokens, decrypt them in order to validate JWT tokens using other Kong plugins like JWT Validation Plugin.

XML Threat Protection Plugin

Malicious attacks targeting XML backend services represent a serious threat for businesses. The attack typically involves large, repetitive payloads, or SQL injections.

Using the XML Threat Protection Plugin, security personnel can prevent potential XML payload attacks by applying configured xml tree depth limits, message structure, payload size, and performing format validation checks.

Mocking Plugin Enhancement

Beyond these new enterprise plugins, users will also benefit from enhancements to the Mocking plugin.

The Mocking plugin enables customers to test their APIs against their services in development environments by providing mock endpoints. The Mocking plugin leverages standards based on the Open API Specification (OAS) for sending out mock responses to APIs. You can choose which status code to be returned via this plugin, as well as simulate an API response latency via plugin configuration.

Kong Manager Enhancements

In Kong Enterprise 3.1, Kong Manager has added support for the following Gateway features:

  • Consumer Groups: Rate limiting tiers can be managed efficiently by placing consumers into groups rather than managing each consumer individually.
  • Secrets Management: Vault Entities can now be configured in Kong Manager.
  • Dynamic Plugin Ordering: MVP support for Dynamic Plugin Ordering has been added to allow users to programmatically control the order in which plugins will execute

In addition to the Gateway feature support, 3.1 also provides various UX enhancements that include:

  • Certificate Details: Certificate entities will now provide contextual information defined in the certificates.
  • Plugins: Plugin forms have been updated to include tooltips that describe the use of plugin-specific configuration parameters.

Visit the Kong Plugin Hub to learn more about these and other plugins. Check out the Kong Gateway 3.1 documentation or see how to upgrade to Kong Gateway 3.1.

Watch: How an API Gateway and a Service Mesh Work Together

Check out this on-demand webinar to learn how to build highly scalable, secure, and reliable applications using an API gateway and service mesh in a cloud native world.

Watch Now >