PingFederate Server

Indexing grant attributes in PingDS

If you use PingDS to store OAuth persistent grants for PingFederate, you must index the grant attributes.

About this task

Index these OAuth grant attributes using the procedure below.

Attribute name Index type

accessGrantGuid

equality

accessGrantUniqueUserIdentifier

equality

accessGrantHashedRefreshTokenValue

equality

accessGrantClientId

equality

accessGrantExpires

ordering

accessGrantGrantType

equality

Steps

  1. Create the indexes using the PingDS dsconfig utility.

    The dsconfig utility is interactive, letting you enter command arguments. The following examples create the required indexes.

    $ dsconfig create-backend-index \
    --hostname localhost \
    --port 4444 \
    --bindDN uid=admin \
    --bindPassword password \
    --backend-name dsEvaluation \
    --index-name accessGrantGuid \
    --set index-type:equality \
    --usePkcs12TrustStore /path/to/opendj/config/keystore \
    --trustStorePassword:file /path/to/opendj/config/keystore.pin \
    --no-prompt
    $ dsconfig create-backend-index \
    --hostname localhost \
    --port 4444 \
    --bindDN uid=admin \
    --bindPassword password \
    --backend-name dsEvaluation \
    --index-name accessGrantUniqueUserIdentifier \
    --set index-type:equality \
    --usePkcs12TrustStore /path/to/opendj/config/keystore \
    --trustStorePassword:file /path/to/opendj/config/keystore.pin \
    --no-prompt
    $ dsconfig create-backend-index \
    --hostname localhost \
    --port 4444 \
    --bindDN uid=admin \
    --bindPassword password \
    --backend-name dsEvaluation \
    --index-name accessGrantHashedRefreshTokenValue \
    --set index-type:equality \
    --usePkcs12TrustStore /path/to/opendj/config/keystore \
    --trustStorePassword:file /path/to/opendj/config/keystore.pin \
    --no-prompt
    $ dsconfig create-backend-index \
    --hostname localhost \
    --port 4444 \
    --bindDN uid=admin \
    --bindPassword password \
    --backend-name dsEvaluation \
    --index-name accessGrantClientId \
    --set index-type:equality \
    --usePkcs12TrustStore /path/to/opendj/config/keystore \
    --trustStorePassword:file /path/to/opendj/config/keystore.pin \
    --no-prompt
    $ dsconfig create-backend-index \
    --hostname localhost \
    --port 4444 \
    --bindDN uid=admin \
    --bindPassword password \
    --backend-name dsEvaluation \
    --index-name accessGrantExpires \
    --set index-type:ordering \
    --usePkcs12TrustStore /path/to/opendj/config/keystore \
    --trustStorePassword:file /path/to/opendj/config/keystore.pin \
    --no-prompt
    $ dsconfig create-backend-index \
    --hostname localhost \
    --port 4444 \
    --bindDN uid=admin \
    --bindPassword password \
    --backend-name dsEvaluation \
    --index-name accessGrantGrantType \
    --set index-type:equality \
    --usePkcs12TrustStore /path/to/opendj/config/keystore \
    --trustStorePassword:file /path/to/opendj/config/keystore.pin \
    --no-prompt

  2. After adding the indexes, build the indexes using the rebuild-index utility.

    The following example builds the required indexes.

    $ rebuild-index \
    --hostname localhost \
    --port 4444 \
    --bindDN uid=admin \
    --bindPassword password \
    --baseDN dc=example,dc=com \
    --index accessGrantGuid \
    --index accessGrantUniqueUserIdentifier \
    --index accessGrantHashedRefreshTokenValue \
    --index accessGrantClientId \
    --index accessGrantExpires \
    --index accessGrantGrantType \
    --usePkcs12TrustStore /path/to/opendj/config/keystore \
    --trustStorePassword:file /path/to/opendj/config/keystore.pin