Configure web session management settings in PingAccess.
- Click Access and then go to .
- In the Web Session Management section, select Key Roll Enabled to enable key rolling using the interval specified below.
- Enter the Key Roll Interval, in hours, to specify how often you want to roll the keys (the default is
  Key rollover updates keys at regular intervals to ensure the security of signed and encrypted PingAccess tokens.
- In the Issuer field, enter the published, unique identifier to be used with the web session (the default is PingAccess).
  Set the issuer to a value that more closely represents your company. PingAccess inserts this value as the iss claim within the PingAccess token.
- Select the Signing Algorithm used to protect the integrity of the PingAccess token (the default is ECDSA using P-256 Curve).
  PingAccess uses the algorithm when creating signed PingAccess tokens and when verifying signed tokens in a request from a user’s browser. The algorithm is also used for signing tokens in token mediation use cases when PingAccess tokens are encrypted.
- Select the Encryption Algorithm used to encrypt and protect the integrity of the PingAccess token (the default is AES 128 with CBC and HMAC SHA 256).
  PingAccess uses the algorithm when creating encrypted PingAccess tokens and when verifying them from a user’s browser.
  Higher encryption levels are available if the administrative console supports them. To enable higher encryption levels, update the administrative console Java Runtime Environment (JRE) to support unlimited strength security policy.
  In a clustered environment, add the security policy changes to the engines as well as the administrative console for the cluster.
- Enter the browser Cookie Name that contains the PingAccess token (the default is
- In the Session State Cookie Name field, enter a name for the browser cookie to contain session state attributes.
- In the Update Token Window (s) field, enter the number of seconds before the idle timeout is updated in the PingAccess token.
  When this time window expires, PingAccess will reissue a new PingAccess cookie.
- In the Nonce Cookie Time to Live (m) field, enter the number of minutes for which the nonce cookie is valid.
  The default value is 5. PingAccess deletes cookies that are older than this threshold.
- Click Save.
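
After saving, you can confirm that the Issuer and Signing Algorithm settings took effect by inspecting a freshly issued token. The following Python check is an added example, not part of the PingAccess documentation: it reports whether a token's header algorithm and iss claim match what you configured. It assumes the signed PingAccess token is a compact JWS in which the default ECDSA using P-256 Curve appears as `ES256`; `example-corp` is a hypothetical issuer and the sample tokens are constructed.

```python
import base64
import json


def _b64url_json(segment):
    """Decode one base64url segment (padding restored) into a JSON object."""
    padded = segment + "=" * (-len(segment) % 4)
    obj = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj


def check_token(token, expected_issuer, expected_alg="ES256"):
    """Return a list of findings; an empty list means the token matches.

    Inspects the header and claims only. It does NOT verify the signature,
    so use it to confirm configuration, never to authenticate a request.
    """
    parts = token.split(".")
    if len(parts) == 5:
        # Five segments is the JWE compact form: the claims are encrypted.
        return ["token is encrypted; claims cannot be inspected without the key"]
    if len(parts) != 3:
        return ["not a compact JWS (expected 3 dot-separated segments)"]
    try:
        header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    except ValueError:
        return ["header or payload is not valid base64url JSON"]
    findings = []
    if header.get("alg") != expected_alg:
        findings.append(f"alg is {header.get('alg')!r}, expected {expected_alg!r}")
    if claims.get("iss") != expected_issuer:
        findings.append(f"iss is {claims.get('iss')!r}, expected {expected_issuer!r}")
    return findings


def _make_sample(alg, iss):
    """Build a constructed sample token with a dummy signature segment."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg}), enc({"iss": iss}), "c2lnbmF0dXJl"])


if __name__ == "__main__":
    # Constructed samples: "example-corp" is a hypothetical issuer value.
    print(check_token(_make_sample("ES256", "example-corp"), "example-corp"))
    print(check_token(_make_sample("ES256", "PingAccess"), "example-corp"))
```

A token that still reports the default issuer after the change was issued before the new settings were saved, or by an engine that has not yet received them.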