Managing expired persistent grants in PingDirectory - PingFederate - 10.2

PingFederate Server

bundle
pingfederate-102
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 10.2
category
Product
pf-102
pingfederate
ContentType_ce

When storing OAuth persistent grants on a PingDirectory server that is version 7.0 or later, you can configure a cleanup plugin in PingDirectory to remove expired data from your directory server.

This PingDirectory plugin allows fine-grained control over various aspects of the cleanup task. For example, you can configure the maximum number of updates per second to improve the performance impact.

  1. Disable the PingFederate cleanup task.
    Important:

    For a clustered PingFederate environment, make these change on the console node. No changes are required on any of the engine nodes.

    1. Edit the <pf_install>/pingfederate/server/default/data/config-store/timer-intervals.xml file.
    2. Update the AccessGrantCleanerInterval value to 0.
    3. Save your changes.
    4. Restart PingFederate.
  2. Configure an instance of the PingDirectory plugin to clean up expired data.
    1. Sign on to the PingDirectory administrative console.
    2. Go to Configuration > Plugin Root.
    3. Click New Plugin and then select Clean up Expired PingFederate Persistent Access Grants Plugin.
    4. Configure a new instance of the Clean up Expired PingFederate Persistent Access Grants Plugin.

      See the following table for information about each required field.

      Field Description
      Name The name of this plugin instance.
      Enabled The status of this plugin instance.

      Select the check box to enable this plugin instance. Clear the check box to disable this plugin instance.

      This check box is not selected by default.

      Base DN The distinguished name (DN) that points to the access grants location.

      For more information, see the inline comment and the access-grant-ldap-pingdirectory.ldif file in the <pf_install>/pingfederate/server/default/conf/access-grant/ldif-scripts directory.

      Polling Interval The frequency of which this plugin instance should be run.

      Enter an integer to indicate the time value, followed by its unit of measurement.

      The default value is 5 m.

      Max Updates Per Second This setting smooths out the performance impact on the server by throttling the purging to the specified maximum number of updates per second. To avoid a large backlog, this value should be set above the average rate that expired data is generated.

      The default value is 100.

    5. Click Save.