Configuring an external database for authentication sessions
Set up various tables so that PingFederate can store authentication sessions on corresponding database servers.
About this task
Specific tables are required in order for PingFederate to store authentication sessions on your database server. Table-setup scripts are provided for supported database servers.
Steps
-
Run the table-setup scripts, provided in the
<pf_install>/pingfederate/server/default/conf/authentication-session/sql-scripts
directory, for your database server. -
If you have not already done so, go to System → Data & Credential Stores. In the Data Stores window, create a Java Database Connection (JDBC) datastore for your database server.
-
Copy the system ID of the applicable JDBC datastore from the Data Stores window.
-
Edit the
org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl.xml
file, located in the<pf_install>/pingfederate/server/default/data/config-store
directory.For a clustered PingFederate environment, edit this file on the administrative console node first, and then replicate to other engine nodes using System → Server → Cluster Management as explained in later steps.
Replace the
<c:item name="PingFederateDSJNDIName"/>
element value with the system ID of your data store connection and save the file.Example:
For example, if the system ID is
JDBC-123456789ABCDEF123456789ABCDEF123456A0A6
, update theorg.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl.xml
file as follows.<?xml version="1.0" encoding="UTF-8"?> <c:config xmlns:c="http://www.sourceid.org/2004/05/config"> <c:item name="PingFederateDSJNDIName">JDBC-123456789ABCDEF123456789ABCDEF123456A0A6</c:item> </c:config>
-
Edit the
<pf_install>/pingfederate/server/default/conf/service-points.conf
file.For example, if the system ID is
SessionStorageManager
:-
Go to the
# Service for storing Authentication Sessions
section.# Service for storing Authentication Sessions. # Supported classes: # org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl : Use this service-point for a Jdbc implementation. # org.sourceid.saml20.service.session.data.impl.SessionStorageManagerLdapImpl : Use this service-point for an LDAP implementation. # org.sourceid.saml20.service.session.data.impl.SessionStorageManagerDynamoDBImpl : Use this service-point for a DynamoDB implementation. session.storage.manager=org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl
-
Change the value of the
session.storage.manager
service tocom.org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl
, the default value.In clustered PingFederate environments, you must manually edit the
service-points.conf
file on each node because cluster replication can’t replicate this change to other nodes.
-
-
Start or restart the PingFederate service.
PingFederate was tested with vendor-specific Java database connectivity (JDBC) 4.2 drivers. For more information, see Compatible database drivers. Start or restart the PingFederate service on each engine node to activate the change.
Result
PingFederate removes expired authentication sessions from the database once a day. To fine-tune the frequency and the number of expired authentication sessions to remove, see Managing authentication sessions stored in the database.