Using custom solutions for grant storage
Use the PingFederate SDK to implement a custom solution for grant storage.
Steps
- Implement the AccessGrantManager interface.
  For more information, see the Javadoc for the AccessGrantManager interface, the SampleAccessGrant.java file for a sample implementation, and the SDK Developer’s Guide for build and deployment information.
  The Javadoc for PingFederate and the sample implementation are in the <pf_install>/pingfederate/sdk directory.
- Edit the <pf_install>/pingfederate/server/default/conf/service-points.conf file.
  - Go to the # Service for storage of access grants section.

        # Service for storage of access grants
        # Supported classes:
        # org.sourceid.oauth20.token.AccessGrantManagerJdbcImpl : Use this service-point for a Jdbc implementation
        # org.sourceid.oauth20.token.AccessGrantManagerLDAPADImpl : Use this service-point for a Microsoft Active Directory implementation
        # org.sourceid.oauth20.token.AccessGrantManagerLDAPOracleImpl : Use this service-point for an Oracle Directory Server Enterprise Edition implementation
        # org.sourceid.oauth20.token.AccessGrantManagerLDAPPingDirectoryImpl : Use this service-point for a PingDirectory implementation
        # org.sourceid.oauth20.token.AccessGrantManagerDynamoDBImpl : Use this service-point for an Amazon DynamoDB implementation
        access.grant.manager=org.sourceid.oauth20.token.AccessGrantManagerJdbcImpl

  - Change the value of the access.grant.manager service to the name of your class.
    For a clustered PingFederate environment, you must edit the service-points.conf file on each node manually because cluster replication can’t replicate this change to other nodes.
- Deploy the required program files of your custom implementation to all PingFederate servers.
- Start or restart PingFederate.
  Start or restart the PingFederate service on each engine node to activate the change.
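
Because service-points.conf has to be edited by hand on every node, a per-node check helps catch a node that is still bound to the default grant store. The script below is an added example, not part of the original page or of Ping Identity's tooling; the function names and the class com.example.grants.CustomAccessGrantManager are hypothetical, and it assumes the key=value form shown in the file excerpt above.

```shell
#!/bin/sh
# Added example (not Ping Identity code): confirm which class a node's
# service-points.conf binds to access.grant.manager.

# Print every active (uncommented) access.grant.manager value in file $1.
active_grant_managers() {
    awk '
        /^[ \t]*#/ { next }                   # commented-out bindings are inactive
        /^[ \t]*access\.grant\.manager[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")          # strip the key and the separator
            sub(/[ \t\r]+$/, "")              # strip trailing blanks and CR (CRLF files)
            print
        }
    ' "$1"
}

# check_grant_manager FILE EXPECTED_CLASS
# Returns 0 = bound as expected, 1 = bound to a different class,
# 2 = file unreadable or no active binding, 3 = several active bindings.
check_grant_manager() {
    bindings=$(active_grant_managers "$1") || return 2
    count=$(printf '%s\n' "$bindings" | grep -c . || true)
    if [ "$count" -eq 0 ]; then return 2; fi
    if [ "$count" -gt 1 ]; then return 3; fi
    [ "$bindings" = "$2" ] || return 1
    return 0
}

# Constructed sample: stock JDBC binding commented out, hypothetical custom class bound.
write_sample_conf() {
    printf '%s\n' \
        '# Service for storage of access grants' \
        '#access.grant.manager=org.sourceid.oauth20.token.AccessGrantManagerJdbcImpl' \
        'access.grant.manager=com.example.grants.CustomAccessGrantManager' > "$1"
}

# Demo on the constructed sample; on a node, pass the real service-points.conf path.
sample=$(mktemp)
write_sample_conf "$sample"
if check_grant_manager "$sample" com.example.grants.CustomAccessGrantManager; then
    echo "OK: custom grant manager is active"
else
    echo "FAIL: check_grant_manager returned $?"
fi
rm -f "$sample"
```

Status 3 is reported as a failure because the script makes no assumption about which of several active bindings would take effect.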