Specific tables are required in order for PingFederate to store authentication sessions on your database server. Table-setup scripts are provided for supported database servers.

  1. Run the table-setup scripts for your database server provided in the <pf_install>/pingfederate/server/default/conf/authentication-session/sql-scripts directory.
  2. If you have not already done so, create a JDBC datastore for your database server on the System > Data Stores screen.
  3. Copy the system ID of the applicable JDBC datastore from the System > Data Stores screen.
  4. Edit the org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.
    Note:

    For a clustered environment, edit this file on the administrative console node first, and then replicate to other engine nodes using System > Server > Cluster Management as explained in later steps.

    Replace the <c:item name="PingFederateDSJNDIName"/> element value with the system ID of your datastore connection and save the file.

    For example, if the system ID is JDBC-123456789ABCDEF123456789ABCDEF123456A0A6, update the org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl.xml file as follows:

    <?xml version="1.0" encoding="UTF-8"?>
    <c:config xmlns:c="http://www.sourceid.org/2004/05/config">
        <c:item name="PingFederateDSJNDIName">JDBC-123456789ABCDEF123456789ABCDEF123456A0A6</c:item>
    </c:config>
  5. Edit the <pf_install>/pingfederate/server/default/conf/META-INF/hivemodule.xml file.
    1. Locate the SessionStorageManager service point:
      <!-- Service for storing Authentication Sessions. -->
      <service-point id="SessionStorageManager" interface="org.sourceid.saml20.service.session.data.SessionStorageManager">
          <invoke-factory>
              ...
              <construct class="org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl"/>
          </invoke-factory>
      </service-point>
      
    2. Set the value of the class attribute to org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl (the default value).
    3. Save the file.
    Note:

    For a clustered environment, you must edit the hivemodule.xml file on each node manually as cluster replication cannot replicate this change to other nodes.

  6. Start or restart the PingFederate service.
    Note:

    For a clustered PingFederate environment, replicate this new configuration to other engine nodes on the System > Cluster Management screen; then start or restart the PingFederate service on each engine node to activate the change.
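
A per-node check for the edits in steps 4 and 5, as an added example that is not part of the PingFederate documentation. It is useful in a cluster because hivemodule.xml is not replicated. The sample XML is constructed; the `<module>` wrapper, the placeholder class name and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"c": "http://www.sourceid.org/2004/05/config"}
JDBC_IMPL = "org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl"
EXPECTED_ID = "JDBC-123456789ABCDEF123456789ABCDEF123456A0A6"  # example ID from step 4

# Constructed samples: a node edited as in steps 4-5, and a node that was missed.
EDITED_CONFIG = b"""<?xml version="1.0" encoding="UTF-8"?>
<c:config xmlns:c="http://www.sourceid.org/2004/05/config">
    <c:item name="PingFederateDSJNDIName">JDBC-123456789ABCDEF123456789ABCDEF123456A0A6</c:item>
</c:config>"""
MISSED_CONFIG = b"""<c:config xmlns:c="http://www.sourceid.org/2004/05/config">
    <c:item name="PingFederateDSJNDIName"/>
</c:config>"""
HIVE = """<module id="constructed.sample" version="1.0.0">
  <service-point id="SessionStorageManager"
      interface="org.sourceid.saml20.service.session.data.SessionStorageManager">
    <invoke-factory><construct class="%s"/></invoke-factory>
  </service-point>
</module>"""
EDITED_HIVE = HIVE % JDBC_IMPL
MISSED_HIVE = HIVE % "placeholder.NotTheJdbcImpl"  # placeholder, not a real class

def datastore_id(config_xml):
    """Raw PingFederateDSJNDIName value; None if the item is absent."""
    for item in ET.fromstring(config_xml).findall("c:item", NS):
        if item.get("name") == "PingFederateDSJNDIName":
            return item.text or ""
    return None

def session_manager_class(hivemodule_xml):
    """Class attribute of the SessionStorageManager construct element, or None."""
    for sp in ET.fromstring(hivemodule_xml).iter("service-point"):
        if sp.get("id") == "SessionStorageManager":
            construct = sp.find("invoke-factory/construct")
            return None if construct is None else construct.get("class")
    return None

def check_node(config_xml, hivemodule_xml, expected_id=EXPECTED_ID):
    """Return a list of problems; an empty list means both edits are in place."""
    problems = []
    value = datastore_id(config_xml)
    if value is None:
        problems.append("PingFederateDSJNDIName item is missing")
    elif value != expected_id:
        hint = " (stray whitespace)" if value.strip() == expected_id else ""
        problems.append(f"datastore ID is {value!r}, expected {expected_id!r}{hint}")
    if session_manager_class(hivemodule_xml) != JDBC_IMPL:
        problems.append("SessionStorageManager does not construct the JDBC implementation")
    return problems
```

To use it on a node, read both files in binary mode and pass their contents to `check_node` together with the system ID copied in step 3.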

PingFederate removes expired authentication sessions from the database once a day. To fine-tune the frequency and the number of expired authentication sessions to be removed, see Managing authentication sessions stored in the database.