When storing OAuth persistent grants on a PingDirectory server (version 7.0 or a more recent version), you can configure a cleanup plugin in PingDirectory to remove expired data from your directory server. This PingDirectory plugin allows fine-grained control over various aspects of the cleanup task. For example, you can configure the maximum number of updates per seconds to smooth out the performance impact.
Disable the PingFederate cleanup task.
For a clustered PingFederate environment, make these change on the console node. No changes are required on any of the engine nodes.
- Edit the timer-intervals.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.
Update the AccessGrantCleanerInterval value to
- Save your change.
- Restart PingFederate.
Configure an instance of the PingDirectory plugin to clean up expired data.
- Sign on to the PingDirectory administrative console.
- Go to the screen.
- Click New Plugin and then select Clean up Expired PingFederate Persistent Access Grants Plugin.
Configure a new instance of the Clean up Expired PingFederate
Persistent Access Grants Plugin.
Refer to the following table for information about each required field.
Field Description Name The name of this plugin instance. Enabled The status of this plugin instance.
Select the check box to enable this plugin instance. Clear the check box to disable this plugin instance.
This check box is not selected by default.
Base DN The distinguished name (DN) that points to the access grants location.
For more information, see the inline comment and the access-grant-ldap-pingdirectory.ldif file in the <pf_install>/pingfederate/server/default/conf/access-grant/ldif-scripts directory.
Polling Interval The frequency of which this plugin instance should be run.
Enter an integer to indicate the time value, followed by its unit of measurement.
The default value is
Max Updates Per Second This setting smooths out the performance impact on the server by throttling the purging to the specified maximum number of updates per second. To avoid a large backlog, this value should be set comfortably above the average rate that expired data is generated.
The default value is
- Click Save.