PingFederate Server

Deploying provisioning failover

After configuring outbound provisioning, you can set up one or more PingFederate failover servers specifically for provisioning backup.

About this task

Provisioning runtime processing and failover is independent of single sign-on (SSO) or single logout (SLO) runtime processing and server clustering. However, if you are already deploying, or have deployed, a cluster for federation-protocol runtime processing, you can use a subset of those servers for provisioning failover. Alternatively, you can mix the configuration or set up provisioning-failover servers independently.

Each server in the failover network must be configured to use the same relational database.

Use the built-in HSQLDB only for trial or training environments. For testing and production environments, always use a secured external storage solution for proper functioning in a clustered environment.

Testing involving HSQLDB is not a valid test. In both testing and production, it might cause various problems due to its limitations and HSQLDB involved cases are not supported by Ping Identity.

Steps

  1. Select two or more runtime instances of PingFederate to configure for provisioning failover.

  2. For each server instance, edit provisioning properties in the <pf_install>/pingfederate/bin/run.properties file as follows:

    Property Description

    pf.provisioner.mode

    The status of outbound provisioning. Allowed values are:

    OFF (default)

    Outbound provisioning is disabled.

    STANDALONE

    Provisioning is enabled, without failover.

    FAILOVER

    Provisioning is enabled, with failover.

    The value STANDALONE cannot be used for failover configuration. This property must be set to FAILOVER on the primary and secondary servers.

    provisioner.node.id

    The unique index number of the provisioning server.

    Each server must have a unique index number, which is used to prioritize which server is currently active and which is next in line in case of a failure. Values are any number.

    If no provisioner.node.id value is specified, PingFederate will use the pf.cluster.node.index value as the provisioner node ID.

    If no pf.cluster.node.index is specified, PingFederate will automatically generate an index.

    The primary active primary server should have an index number of 1. The lowest value in the environment becomes the primary.

    These node IDs are not required to start at 1, but it is recommended that they start at 1. The number must not exceed the maximum integer value supported by Java, which is 2147483647.

    provisioner.failover. grace.period

    The time interval (in seconds) between the first indication that a node is dead and failover to the next server in line. The time period should be greater than the Synchronization Frequency set in the System → Server → Protocol Settings → Outbound Provisioning tab on the administrative console.

    The default value is 600, which is 10 minutes.

    You must seperately configure the failover properties in the run.properties file on each provisioning server, because the run.properties file is not copied among the provisioning servers automatically or as part of the Replicate Configuration process.

  3. Start or restart all of the PingFederate servers.

  4. If you have not already done so, set up an external database to facilitate provisioning and then update the Provisioning Data Store setting on the System → Server → Protocol Settings → Outbound Provisioning tab. See Configuring outbound provisioning settings for more information.

  5. After configuration, if the provisioning servers belong to the same PingFederate clustered environment, go to the System → Server. In the Cluster Management window, replicate the new Provisioning Data Store setting to all nodes. If the provisioning servers are individual PingFederate servers, for each provisioning server, create a datastore connection to the same external database and update the Provisioning Data Store setting manually.