PingFederate Server

Configuring PingFederate services for Redis storage

You should enable all Redis-capable PingFederate services, but you can manage these services individually if you prefer.

Before you begin

To manage individual Redis-capable services:

  • Configure PingFederate to connect with your Redis cache.

  • Make sure the pf.redis.mode parameter in the <pingfed_install>/pingfederate/bin/run.properties file is set to OFF.

Learn more in Storing PingFederate data with Redis.

Configuring account locking with Redis

You can configure PingFederate to store Account Locking Service data in a Redis cache.

Steps

  1. Open the <pingfed_install>/pingfederate/server/default/conf/service-points.conf file in a text editor.

  2. Set the account.locking.service parameter to com.pingidentity.integrations.redis.lockingservice.AccountLockingServiceRedisImpl.

  3. Save and close the file.

  4. If you’re running PingFederate in a clustered environment, repeat these steps for each node in the cluster.

  5. Restart PingFederate.

Configuring artifact storage with Redis

You can configure PingFederate to store authorization artifacts in a Redis cache. Supported artifacts are:

Steps

  1. Open the <pf_install>/pingfederate/server/default/conf/service-points.conf file in a text editor.

  2. Set the artifact.store parameter to com.pingidentity.integrations.redis.artifactpersistenceservice.ArtifactPersistenceServiceRedisImpl.

  3. Save and close the file.

  4. If you’re running PingFederate in a clustered environment, repeat these steps for each node in the cluster.

  5. Restart PingFederate.

Configuring IRSM data storage with Redis

You can configure PingFederate to store Inter-Request State-Management (IRSM) Service data in a Redis cache.

Steps

  1. Open the <pf_install>/pingfederate/server/default/conf/service-points.conf file in a text editor.

  2. Set the inter.request.state.mgmt parameter to com.pingidentity.integrations.redis.irsm.InterRequestStateMgmtRedisImpl.

  3. Save and close the file.

  4. If you’re running PingFederate in a clustered environment, repeat these steps for each node in the cluster.

  5. Restart PingFederate.

Configuring Assertion Replay Prevention Service data storage with Redis

You can configure PingFederate to store Assertion Replay Prevention Service data in a Redis cache.

Steps

  1. Open the <pf_install>/pingfederate/server/default/conf/service-points.conf file in a text editor.

  2. Set the assertion.replay.prevention.service parameter to com.pingidentity.integrations.redis.assertionreplaypreventionservice.AssertionReplayPreventionServiceRedisImpl.

  3. Save and close the file.

  4. If you’re running PingFederate in a clustered environment, repeat these steps for each node in the cluster.

  5. Restart PingFederate.

Configuring dynamic JSON Web Key storage with Redis

You can configure PingFederate to store dynamic JSON Web Keys in a Redis cache. When this service is enabled, PingFederate creates new keys when a new instance or cluster starts. When a cluster restarts, that cluster’s existing keys remain intact.

Steps

  1. Open the <pf_install>/pingfederate/server/default/conf/service-points.conf file in a text editor.

  2. Set the dynamic.jwk.storage.service parameter to com.pingidentity.crypto.jwk.DynamicJwkStorageManager

  3. Save and close the file.

  4. If you’re running PingFederate in a clustered environment, repeat these steps for each node in the cluster.

  5. Restart PingFederate.

Configuring Session Revocation Service data storage with Redis

You can configure PingFederate to store Back-Channel Session Revocation Service data in a Redis cache.

Steps

  1. Open the <pf_install>/pingfederate/server/default/conf/service-points.conf file in a text editor.

  2. Set the session.revocation.service parameter to com.pingidentity.integrations.redis.sessionrevocationservice.SessionRevocationServiceRedisImpl

  3. Save and close the file.

  4. If you’re running PingFederate in a clustered environment, repeat these steps for each node in the cluster.

  5. Restart PingFederate.

Configuring OAuth Reference Bearer Access Token plugin data with Redis

You can configure PingFederate to store OAuth Reference Bearer Access Token plugin data in a Redis cache.

Reference bearer tokens provide a reference to a set of stored attributes. Storing reference token data in Redis prevents PingFederate from invalidating the issued tokens and deleting their data on a cluster restart.

Steps

  1. Open the <pf_install>/pingfederate/server/default/conf/service-points.conf file in a text editor.

  2. Set the reference.bearer.accesstoken.tracker.factory parameter to com.pingidentity.integrations.redis.oauth.ReferenceBearerAccessTokenTrackerFactoryRedisImpl.

  3. Save and close the file.

  4. If you’re running PingFederate in a clustered environment, repeat these steps for each node in the cluster.

  5. Restart PingFederate.

Configuring IdP Session Registry Service data with Redis

You can configure PingFederate to store IdP Session Registry Service data in a Redis cache.

Steps

  1. Open the <pf_install>/pingfederate/server/default/conf/service-points.conf file in a text editor.

  2. Set the idp.session.registry parameter to com.pingidentity.integrations.redis.idpsessionregistry.IdpSessionRegistryRedisImpl.

  3. Save and close the file.

  4. If you’re running PingFederate in a clustered environment, repeat these steps for each node in the cluster.

  5. Restart PingFederate.

Configuring SP Session Registry Service data with Redis

You can configure PingFederate to store SP Session Registry Service data in a Redis cache.

Steps

  1. Open the <pf_install>/pingfederate/server/default/conf/service-points.conf file in a text editor.

  2. Set the sp.session.registry parameter to com.pingidentity.integrations.redis.spsessionregistry.SpSessionRegistryRedisImpl.

  3. Save and close the file.

  4. If you’re running PingFederate in a clustered environment, repeat these steps for each node in the cluster.

  5. Restart PingFederate.