PingFederate uses the IdP Session Registry Service to facilitate single logout by tracking assertions issued to SP partners. This service is used only when the PingFederate server is acting in an IdP role and supports single logout with one or more partner connections.

When PingFederate is in clustered mode, the service proxy uses a group RPC-based, preferred-nodes implementation; the configuration file is cluster-idp-session-registry.conf in the <pf_install>/pingfederate/server/default/conf directory.

This service supports both adaptive clustering and directed clustering. For adaptive clustering, PingFederate shares user session-state information with a replica set. If region identifiers are defined, PingFederate shares user session-state information among multiple replica sets across regions. You can optionally override this default behavior in the configuration file for adaptive clustering. For directed clustering, all preferred-node approaches are possible with this implementation.

Note:

Both adaptive clustering and the subcluster deployment strategies in directed clustering do not support the SAML 2.0 single logout (SLO) profile using the SOAP binding. If one or more SAML 2.0 connections are configured to support SLO via SOAP, you must choose between the sharing all nodes and designating state servers deployment strategies in directed clustering (see Directed clustering).

The service proxy uses the class:

org.sourceid.saml20.service.impl.grouprpc.IdpSessionRegistryGroupRpcImpl