After configuring outbound provisioning, you have the option to set up one or more failover PingFederate servers specifically for provisioning backup.

Provisioning runtime processing and failover are independent of SSO or SLO runtime processing and server clustering. However, if you are already deploying, or have deployed, a cluster for federation-protocol runtime processing, you can use a subset of those servers for provisioning failover. Alternatively, you can mix the configuration or set up provisioning-failover servers independently.


The pre-installed HSQLDB database cannot be used in a failover configuration. Each server in the failover network must be configured to use the same relational database.

  1. Identify two or more runtime instances of PingFederate to configure for provisioning failover.
  2. For each server instance, edit provisioning properties in the <pf_install>/pingfederate/bin/ file as follows:
    Property Description
    pf.provisioner.mode The status of outbound provisioning. Allowed values are:
      OFF: Outbound provisioning is disabled.
      STANDALONE: Provisioning is enabled, without failover.
      FAILOVER: Provisioning is enabled, with failover.

    The value STANDALONE cannot be used for failover configuration. This property must be set to FAILOVER on the primary and secondary servers.

    (The default value is OFF.)

    The unique index number of the provisioning server.

    Each server must have a unique index number (from 1 to n), which is used to prioritize which server is currently active and which is next in line in case of a failure.

    The active primary server should have an index number of 1. The lowest value in the environment becomes the primary.

    These node IDs are not required to start at 1, but it is recommended that they start at 1. The node IDs for each node must increase sequentially. The number must not exceed the maximum integer value supported by Java, which is 2147483647. Initial start-up performance degradation may result if the node ID does not start at 1.

    provisioner.failover.grace.period The time interval (in seconds) between the first indication that a node is dead and failover to the next server in line. The time period should be greater than the Synchronization Frequency set in the System > Protocol Settings > Outbound Provisioning screen on the administrative console.

    (The default value is 600, which is 10 minutes.)


    You must manually configure the failover properties in the file on each provisioning server, because the file is not copied among the provisioning servers automatically or as part of the Replicate Configuration process.

  3. Start or restart all of the PingFederate servers.
  4. If you have not already done so, set up an external database to facilitate provisioning and then update the Internal Provisioning Data Store setting in the System > Protocol Settings > Outbound Provisioning screen.
    Once configured, if the provisioning servers belong to the same PingFederate clustered environment, go to the System > Cluster Management screen and replicate the new Internal Provisioning Data Store setting to all nodes. If the provisioning servers are individual PingFederate servers, for each provisioning server, create a datastore connection to the same external database and update the Internal Provisioning Data Store setting manually.
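
Because the failover properties are edited by hand on each server and are not replicated, a consistency check across the servers catches mistakes before a failover is needed. The following is an added example, not part of the PingFederate documentation or product: it checks the rules from step 2 against the properties text collected from each server. The node ID key name `provisioner.node.id`, the server labels, the sample values, and the assumption that the Synchronization Frequency is given in seconds are not taken from this page.

```python
import re

MODE_KEY = "pf.provisioner.mode"
NODE_ID_KEY = "provisioner.node.id"  # assumed key name; this page does not show it
GRACE_KEY = "provisioner.failover.grace.period"
JAVA_INT_MAX = 2147483647

# Constructed sample property text for two servers (not taken from a real deployment).
SAMPLE = {
    "pf-a": "pf.provisioner.mode=FAILOVER\nprovisioner.node.id=1\nprovisioner.failover.grace.period=600\n",
    "pf-b": "# backup\npf.provisioner.mode=STANDALONE\nprovisioner.node.id=1\nprovisioner.failover.grace.period=30\n",
}


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def check_failover(servers, sync_frequency_seconds):
    """Return findings for a {label: properties text} map of failover servers."""
    findings, ids = [], {}
    for name, text in servers.items():
        props = parse_properties(text)
        if props.get(MODE_KEY, "OFF") != "FAILOVER":  # OFF is the default
            findings.append(f"{name}: {MODE_KEY} must be FAILOVER")
        raw_id = props.get(NODE_ID_KEY, "")
        if not re.fullmatch(r"[0-9]+", raw_id) or int(raw_id) > JAVA_INT_MAX:
            findings.append(f"{name}: node ID missing or not a valid integer")
        else:
            ids.setdefault(int(raw_id), []).append(name)
        grace = props.get(GRACE_KEY, "600")  # 600 seconds is the default
        if not re.fullmatch(r"[0-9]+", grace) or int(grace) <= sync_frequency_seconds:
            findings.append(f"{name}: grace period should exceed synchronization frequency")
    for node_id, names in sorted(ids.items()):
        if len(names) > 1:
            findings.append(f"node ID {node_id} is shared by {', '.join(sorted(names))}")
    ordered = sorted(ids)
    if ordered and ordered != list(range(ordered[0], ordered[0] + len(ordered))):
        findings.append("node IDs do not increase sequentially")
    if ordered and ordered[0] != 1:
        findings.append("node IDs do not start at 1 (recommended)")
    return findings
```

Calling `check_failover(SAMPLE, 60)` reports the STANDALONE mode, the short grace period, and the shared node ID on the constructed sample; an empty list means the collected properties satisfy the rules above.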