Reduce the size of the PingAccess cookie if its size causes problems in your environment.
The options presented here each reduce the PingAccess cookie size. Because the reduction amount depends on your environment, it can't be precisely quantified.
- When configuring the web session, select the Cache User Attributes check box. This option caches user information for use in policy decisions instead of including it in the cookie. For more information, see Creating web sessions and Editing web sessions .
- When configuring the site, clear the Send Token check box. This minimizes the amount of information forwarded to the site itself. For more information, see Adding sites, Editing sites, and Site field descriptions.
When Configuring admin UI SSO authentication, clear the Include
id_token_hint in SLO check box.
If your token provider requires the id_token_hint parameter to complete
single logout (SLO), explore the other options to reduce cookie size instead. single logout (SLO) SLO The process of signing a user out of multiple sites where the user has started a single sign-on (SSO) session.
When Configuring OpenID Connect token providers, clear the Track
token_id check box.
If you want to use the id_token attribute in an identity mapping or rule, explore the other options to reduce cookie size instead.
When Configuring web session management settings, select the simplest algorithms:
ECDSA using P-256 Curvefor the Signing Algorithm and
AES 128 with CBC and HMAC SHA 256for the Encryption Algorithm.Note:
This option isn't as impactful as the other options and might not be possible depending on your environment's security needs.