PingFederate uses the Back-Channel Session Revocation Service to provide OAuth clients the capabilities to add sessions to the revocation list and to query the revocation status).

When PingFederate is in clustered mode, the service proxy uses a group RPC-based implementation. When adding a session to its revocation list, the processing node always propagates the information to all engine nodes in the cluster. It does not use the preferred-nodes concept. This enables the flexibility of allowing the queries to be processed locally or results to be returned after collecting the information from other engine nodes; the former yields faster response time for engine nodes that are deployed in well-connected networks while the latter adds a layer of protection against inconsistent revocation lists among the engine nodes due to possible network outages.

The configuration file is <pf_install>/pingfederate/server/default/conf/cluster-session-revocation.conf. This is where the RPC time-out and other settings can be tuned.

The service proxy uses the class:

org.sourceid.saml20.service.impl.grouprpc.SessionRevocationServiceGroupRpcImpl

FIFO memory management scheme

To ensure the revocation list does not result in excessive memory usage, in addition to the Session Revocation Lifetime setting (globally configured on the OAuth Server > Authorization Server Settings screen), the Back-Channel Session Revocation Service employs a first-in-first-out (FIFO) algorithm to purge old data. When the maximum size is reached, the oldest entries are automatically removed.

The maximum number of sessions is configurable by the SessionRevocationServiceMapImpl.max.revoked.sris setting in <pf_install>/pingfederate/server/default/conf/size-limits.conf. The default value is 50000.