Managing expired persistent grants
PingFederate removes expired persistent grants once a day. The cleanup task removes 500 expired grants at a time until all expired grants are removed.
About this task
If expired grants are growing rapidly, you can optionally increase the frequency of the cleanup task.
Increasing the frequency of the cleanup task or the number of expired sessions to be removed per batch adds more workload to your storage server. Make gradual changes, if any, to observe the impact. |
In a clustered PingFederate environment, the cleanup task runs only on the console node. If adjustments are required, make them on the console node. No changes are required on any of the engine nodes. |
When storing persistent grants on a PingDirectory server that is version 7.0 or later, you can use the PingFederate cleanup task or configure a cleanup plugin in PingDirectory instead. The plugin allows fine-grained control over various aspects of the cleanup task, which might improve the performance impact. For more information and configuration steps, see Managing expired persistent grants in PingDirectory.
Steps
-
Optional: Adjust the frequency of the cleanup task.
-
Edit the
timer-intervals.xml
<pf_install>/pingfederate/server/default/data/config-store
directory. -
Update the
AccessGrantCleanerInterval
value, in milliseconds.
The default value is
86400000
, which is 24 hours.-
Save your changes.
-
-
Optional: Adjust the number of expired grants to be removed per batch.
-
Edit the configuration file relevant to your storage platform.
This configuration file is located in the
<pf_install>/pingfederate/server/default/data/config-store
directory, as described in the following table.Storage platform Configuration file Database server
org.sourceid.oauth20.token.AccessGrantManagerJdbcImpl.xml
PingDirectory
org.sourceid.oauth20.token.AccessGrantManagerLDAPPingDirectoryImpl.xml
Microsoft Active Directory
org.sourceid.oauth20.token.AccessGrantManagerLDAPADImpl.xml
Oracle Unified Directory
org.sourceid.oauth20.token.AccessGrantManagerLDAPOracleImpl.xml
-
Update the
ExpiredGrantBatchSize
value.The following example shows an updated value of 400.
-
file, located in the<?xml version="1.0" encoding="UTF-8"?> <c:config xmlns:c="http://www.sourceid.org/2004/05/config"> ... <c:item name="ExpiredGrantBatchSize">400</c:item> ... </c:config>
+
The default value is 500
.
-
Save your changes.
-
After you have made changes, restart PingFederate.
In a clustered PingFederate environment, you do not have to change or restart PingFederate on any of the engine nodes.
-