PingFederate Server

Inter-Request State-Management (IRSM) Service

This topic is an overview of the two options for tracking session information between HTTP requests in PingFederate.

The PingFederate server tracks user-session state information between HTTP requests, such as when PingFederate, acting as an identity provider (IdP), redirects a user’s browser to another system for authentication. When the user’s browser returns to PingFederate after authentication, the server needs access to the state associated with that user from before the redirect. Generally, this state is short-lived.

The InterRequestStateMgmtProxy implementation chooses between two methods to track this state: group RPC-based (the clustering default) and local memory-based (the standalone default).

The configuration file is <pf_install>/pingfederate/server/default/conf/cluster-inter-request-state.conf.

Group RPC-based session tracking

The group RPC-based implementation supports both adaptive clustering and directed clustering.

For adaptive clustering, PingFederate shares user session-state information with a replica set. If region identifiers are defined, PingFederate shares user session-state information among multiple replica sets across regions. You can override this default behavior in the <pf_install>/pingfederate/server/default/conf/cluster-adaptive.conf file.

For directed clustering, all preferred-node approaches are possible with this implementation.

The service-point InterRequestStateMgmt in the <pf_install>/pingfederate/server/default/conf/hivemodule.xml file uses the proxy InterRequestStateMgmtProxy to assign this implementation as the clustering default. The specific class name is org.sourceid.saml20.service.impl.grouprpc.InterRequestStateMgmtGroupRpcImpl

Local memory-based session tracking

The local memory-based session tracking implementation tracks users in the inter-request state in the local memory of the processing server. This is the standalone default.

Adaptive clustering does not support this implementation. Use the group RPC-based session tracking instead.

The service-point InterRequestStateMgmt in the hivemodule.xml file uses the proxy InterRequestStateMgmtProxy to assign this implementation as the clustering default. The specific class name is org.sourceid.saml20.service.impl.localmemory.InterReqStateMgmtMapImpl

Local memory-based session tracking and clustering

Group RPC-based session tracking is the clustering default. To use local memory-based session tracking in a clustered environment, update the service-point InterRequestStateMgmt to use the local memory-based session tracking class, org.sourceid.saml20.service.impl.localmemory.InterReqStateMgmtMapImpl

The load balancer must support sticky sessions to force all requests for the same user session to be routed to the same server.