PingFederate Server

Managing expired persistent grants in PingDirectory

When storing OAuth persistent grants on a PingDirectory server that is version 7.0 or later, you can configure a cleanup plugin in PingDirectory to remove expired data from your directory server.

About this task

This PingDirectory plugin allows fine-grained control over various aspects of the cleanup task. For example, you can configure the maximum number of updates per second to limit the performance impact on the server.

Steps

  1. Disable the PingFederate cleanup task.

    For a clustered PingFederate environment, make these changes on the console node. No changes are required on any of the engine nodes.

    1. Edit the <pf_install>/pingfederate/server/default/data/config-store/timer-intervals.xml file.

    2. Update the AccessGrantCleanerInterval value to 0.

    3. Save your changes.

    4. Restart PingFederate.

  2. Configure an instance of the PingDirectory plugin to clean up expired data.

    1. Sign on to the PingDirectory administrative console.

    2. Go to Configuration → Plugin Root.

    3. Click New Plugin and then select Clean up Expired PingFederate Persistent Access Grants Plugin.

    4. Configure a new instance of the Clean up Expired PingFederate Persistent Access Grants Plugin.

      See the following table for information about each required field.

    | Field | Description |
    |---|---|
    | Name | The name of this plugin instance. |
    | Enabled | The status of this plugin instance. Select the check box to enable this plugin instance. Clear the check box to disable this plugin instance. This check box is not selected by default. |
    | Base DN | The distinguished name (DN) that points to the access grants location. For more information, see the inline comment and the access-grant-ldap-pingdirectory.ldif file in the <pf_install>/pingfederate/server/default/conf/access-grant/ldif-scripts directory. |
    | Polling Interval | How often this plugin instance should run. Enter an integer to indicate the time value, followed by its unit of measurement. The default value is 5 m. |
    | Max Updates Per Second | This setting smooths out the performance impact on the server by throttling the purging to the specified maximum number of updates per second. To avoid a large backlog, this value should be set above the average rate at which expired data is generated. The default value is 100. |

    5. Click Save.
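
To confirm step 1 on the console node before relying on the PingDirectory plugin alone, the following added example (not part of the PingFederate documentation) reads timer-intervals.xml and checks that AccessGrantCleanerInterval is 0. The element layout of the file is an assumption, so the script matches any element whose `name` attribute is AccessGrantCleanerInterval; the sample XML is constructed.

```python
import sys
import xml.etree.ElementTree as ET

SETTING = "AccessGrantCleanerInterval"  # setting name taken from step 1

# Constructed sample. The element and namespace names are assumptions,
# not copied from a real PingFederate installation.
SAMPLE = """<c:config xmlns:c="urn:example:config">
  <c:item name="AccessGrantCleanerInterval">0</c:item>
  <c:item name="SomeOtherInterval">3600</c:item>
</c:config>"""


def cleaner_interval(xml_data):
    """Return the configured interval as an int, or None if absent or not an integer."""
    root = ET.fromstring(xml_data)
    for elem in root.iter():  # namespace-agnostic: match on the name attribute only
        if elem.get("name") == SETTING:
            try:
                return int((elem.text or "").strip())
            except ValueError:
                return None
    return None


def check(xml_data):
    """Return (ok, message) describing whether the PingFederate cleanup task is disabled."""
    try:
        value = cleaner_interval(xml_data)
    except ET.ParseError as exc:
        return False, f"cannot parse file: {exc}"
    if value is None:
        return False, f"{SETTING} is missing or not an integer"
    if value != 0:
        return False, f"{SETTING} is {value}, expected 0"
    return True, f"{SETTING} is 0"


if __name__ == "__main__":
    # Pass the path to timer-intervals.xml; with no argument the sample is checked.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    ok, message = check(data)
    print(message)
    sys.exit(0 if ok else 1)
```

The script only inspects the file on disk; the value takes effect after the PingFederate restart in step 1.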