Configuring size limits
You can configure size limits, which include values in the IdP Session Registry, the SP Session Registry, the Inter-Request State management service, and others.
Steps
- To configure a size limit, edit the <pf_install>/pingfederate/server/default/conf/size-limits.conf file.
- Modify the applicable settings. The settings are described in the following table.
Setting Description
The IdP Session Registry stores SLO-related session information for IdP adapters, as well as for IdP and SP connections that a user has interacted with. It also stores sessions for PingFederate’s Authentication Sessions feature.
IdpSessionRegistryMapImpl.max.sessions
This setting controls the maximum number of user sessions (for SLO or Authentication Sessions) kept in memory. When this limit is reached, sessions are removed on a least-recently-used basis.
The default setting is 10000.
IdpSessionRegistryMapImpl.max.individual.sessions
This setting controls the maximum number of IdP adapter or IdP connection sessions per user session. When this limit is reached, sessions are removed on a first-in first-out basis.
The default setting is 500.
IdpSessionRegistryMapImpl.max.partner.sessions
This setting controls the maximum number of SP connection sessions per IdP adapter or IdP connection session. When this limit is reached, sessions are removed on a first-in first-out basis.
The default setting is 500.
IdpSessionRegistryMapImpl.max.user.keys
This setting defines the maximum number of unique user keys that can be tracked. When this limit is reached, user keys are removed on a least-recently-used basis.
The default setting is 50000.
IdpSessionRegistryMapImpl.max.user.key.sris
This setting defines the maximum number of SRIs (browser sessions) that can be tracked for a given unique user key. When this limit is reached, SRIs are removed and revoked on a least-recently-used basis.
The default setting is 100.
IdpSessionRegistryMapImpl.expiry.mins
This setting defines the expiry period for user sessions in minutes. If no activity has been seen for a given user session for this period, it will be removed.
The default setting is 1440.
The SP Session Registry stores SLO-related session information for SP adapters and IdP connections that a user has interacted with.
SpSessionRegistryMapImpl.max.sessions
This setting controls the maximum number of user sessions kept in memory. When this limit is reached, sessions are removed on a least-recently-used basis.
The default setting is 10000.
SpSessionRegistryMapImpl.max.individual.sessions
This setting controls the maximum number of SP adapter sessions per user session. When this limit is reached, sessions are removed on a first-in first-out basis.
The default setting is 500.
SpSessionRegistryMapImpl.expiry.mins
This setting defines the expiry period for user sessions in minutes. If no activity has been seen for a given user session for this period, it will be removed.
The default setting is 1440.
The Inter-Request State Management service has two maps. The 'state' map is used to store short-lived state information between requests within an SSO or SLO transaction. The 'attr' map is used by adapters (such as the HTML form adapter) to store user session attributes.
InterReqStateMgmtMapImpl.max.size.state.map
This setting controls the maximum number of user sessions in the state map. When this limit is reached, sessions are removed on a least-recently-used basis.
The default setting is 10000.
InterReqStateMgmtMapImpl.expiry.mins.state.map
This setting controls the expiry period for user sessions in the state map. If no activity has been seen for a given user session for this period, it will be removed.
The default setting is 30.
InterReqStateMgmtMapImpl.max.size.attr.map
This setting controls the maximum number of user sessions in the attribute map. When this limit is reached, sessions are removed on a least-recently-used basis.
The default setting is 10000.
InterReqStateMgmtMapImpl.expiry.mins.attr.map
This setting controls the expiry period for user sessions in the attribute map. If no activity has been seen for a given user session for this period, it will be removed.
The default setting is 1440.
InterReqStateMgmtMapImpl.max.session.attrs
This setting controls the maximum number of attributes stored in the attribute map for a given user session.
The default setting is 500.
SessionRevocationServiceMapImpl.max.revoked.sris
This setting controls the maximum number of revoked session identifiers kept in memory. When this limit is reached, revoked identifiers are removed on a first-in first-out basis.
The default setting is 50000.
MetadataDirectory.max.size.idp.conn.map
This setting controls the maximum number of IdP connections kept in memory. When this limit is reached, connections are removed on a least-recently-used basis.
The default setting is 10000.
MetadataDirectory.max.size.sp.conn.map
This setting controls the maximum number of SP connections kept in memory. When this limit is reached, connections are removed on a least-recently-used basis.
The default setting is 10000.
ClientManagerXmlFileImpl.max.size.clients.map
This setting controls the maximum number of OAuth clients kept in memory. When this limit is reached, clients are removed on a least-recently-used basis.
The default setting is 10000.
- Restart PingFederate.
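
As an added example (not part of the original documentation and not Ping Identity code), the following Python script audits a size-limits.conf against the defaults listed in the table, so that changed, invalid, misspelled, or missing settings are visible before the restart. It assumes the file uses Java-properties style key=value lines; the function names and the sample input are constructed for illustration.

```python
# Added example, not vendor code. Assumption: size-limits.conf uses "key=value" lines.
DEFAULTS = {  # values copied from the table above
    "IdpSessionRegistryMapImpl.max.sessions": 10000,
    "IdpSessionRegistryMapImpl.max.individual.sessions": 500,
    "IdpSessionRegistryMapImpl.max.partner.sessions": 500,
    "IdpSessionRegistryMapImpl.max.user.keys": 50000,
    "IdpSessionRegistryMapImpl.max.user.key.sris": 100,
    "IdpSessionRegistryMapImpl.expiry.mins": 1440,
    "SpSessionRegistryMapImpl.max.sessions": 10000,
    "SpSessionRegistryMapImpl.max.individual.sessions": 500,
    "SpSessionRegistryMapImpl.expiry.mins": 1440,
    "InterReqStateMgmtMapImpl.max.size.state.map": 10000,
    "InterReqStateMgmtMapImpl.expiry.mins.state.map": 30,
    "InterReqStateMgmtMapImpl.max.size.attr.map": 10000,
    "InterReqStateMgmtMapImpl.expiry.mins.attr.map": 1440,
    "InterReqStateMgmtMapImpl.max.session.attrs": 500,
    "SessionRevocationServiceMapImpl.max.revoked.sris": 50000,
    "MetadataDirectory.max.size.idp.conn.map": 10000,
    "MetadataDirectory.max.size.sp.conn.map": 10000,
    "ClientManagerXmlFileImpl.max.size.clients.map": 10000,
}

def parse_properties(text):
    """Return {key: raw value}, skipping blank lines and # or ! comment lines."""
    lines = (line.strip() for line in text.splitlines())
    pairs = (l.partition("=") for l in lines if l and not l.startswith(("#", "!")))
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}

def audit(text):
    """Return sorted (key, finding) pairs for every deviation from DEFAULTS."""
    found = parse_properties(text)
    findings = [(k, "missing from file") for k in DEFAULTS.keys() - found.keys()]
    for key, raw in found.items():
        if key not in DEFAULTS:
            findings.append((key, "unknown setting"))  # likely a misspelled key
        elif not raw.isdecimal() or int(raw) == 0:
            findings.append((key, "not a positive integer"))
        elif int(raw) != DEFAULTS[key]:
            findings.append((key, f"changed from {DEFAULTS[key]} to {int(raw)}"))
    return sorted(findings)
# Constructed sample: the documented defaults with three edits and one misspelled key.
SAMPLE = "\n".join(f"{k}={v}" for k, v in {**DEFAULTS,
    "SessionRevocationServiceMapImpl.max.revoked.sris": 200000,
    "IdpSessionRegistryMapImpl.expiry.mins": 480,
    "InterReqStateMgmtMapImpl.max.session.attrs": "5oo",
    "SpSessionRegistryMapImpl.max.session": 10000}.items())

if __name__ == "__main__":
    print("\n".join(f"{key}: {finding}" for key, finding in audit(SAMPLE)))
```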