Configuring size limits - PingFederate - 10.2


You can configure size limits, which include values in the IdP Session Registry, the SP Session Registry, the Inter-Request State management service, and others.

  1. To configure a size limit, edit the <pf_install>/pingfederate/server/default/conf/size-limits.conf file.
  2. Modify the applicable settings. The settings are described in the following table.
    Setting Description
    The IdP Session Registry stores SLO-related session information for IdP adapters, as well as for IdP and SP connections that a user has interacted with. It also stores sessions for PingFederate's Authentication Sessions feature.
    IdpSessionRegistryMapImpl.max.sessions This setting controls the maximum number of user sessions (for SLO or Authentication Sessions) kept in memory. When this limit is reached, sessions are removed on a least-recently-used basis.

    The default setting is 10000.

    IdpSessionRegistryMapImpl.max.individual.sessions This setting controls the maximum number of IdP adapter or IdP connection sessions per user session. When this limit is reached, sessions are removed on a first-in first-out basis.

    The default setting is 500.

    IdpSessionRegistryMapImpl.max.partner.sessions This setting controls the maximum number of SP connection sessions per IdP adapter or IdP connection session. When this limit is reached, sessions are removed on a first-in first-out basis.

    The default setting is 500.

    IdpSessionRegistryMapImpl.max.user.keys This setting defines the maximum number of unique user keys that can be tracked. When this limit is reached, user keys are removed on a least-recently-used basis.

    The default setting is 50000.

    IdpSessionRegistryMapImpl.max.user.key.sris This setting defines the maximum number of SRIs (browser sessions) that can be tracked for a given unique user key. When this limit is reached, SRIs are removed and revoked on a least-recently-used basis.

    The default setting is 100.

    IdpSessionRegistryMapImpl.expiry.mins This setting defines the expiry period for user sessions in minutes. If no activity has been seen for a given user session for this period, it will be removed.

    The default setting is 1440.

    The SP Session Registry stores SLO-related session information for SP adapters and IdP connections that a user has interacted with.
    SpSessionRegistryMapImpl.max.sessions This setting controls the maximum number of user sessions kept in memory. When this limit is reached, sessions are removed on a least-recently-used basis.

    The default setting is 10000.

    SpSessionRegistryMapImpl.max.individual.sessions This setting controls the maximum number of SP adapter sessions per user session. When this limit is reached, sessions are removed on a first-in first-out basis.

    The default setting is 500.

    SpSessionRegistryMapImpl.expiry.mins This setting defines the expiry period for user sessions in minutes. If no activity has been seen for a given user session for this period, it will be removed.

    The default setting is 1440.

    The Inter-Request State Management service has two maps. The 'state' map is used to store short-lived state information between requests within an SSO or SLO transaction. The 'attr' map is used by adapters (such as the HTML form adapter) to store user session attributes.
    InterReqStateMgmtMapImpl.max.size.state.map This setting controls the maximum number of user sessions in the state map. When this limit is reached, sessions are removed on a least-recently-used basis.

    The default setting is 10000.

    InterReqStateMgmtMapImpl.expiry.mins.state.map This setting controls the expiry period for user sessions in the state map. If no activity has been seen for a given user session for this period, it will be removed.

    The default setting is 30.

    InterReqStateMgmtMapImpl.max.size.attr.map This setting controls the maximum number of user sessions in the attribute map. When this limit is reached, sessions are removed on a least-recently-used basis.

    The default setting is 10000.

    InterReqStateMgmtMapImpl.expiry.mins.attr.map This setting controls the expiry period for user sessions in the attribute map. If no activity has been seen for a given user session for this period, it will be removed.

    The default setting is 1440.

    InterReqStateMgmtMapImpl.max.session.attrs This setting controls the maximum number of attributes stored in the attribute map for a given user session.

    The default setting is 500.

    SessionRevocationServiceMapImpl.max.revoked.sris This setting controls the maximum number of revoked session identifiers kept in memory. When this limit is reached, revoked identifiers are removed on a first-in first-out basis.

    The default setting is 50000.

    MetadataDirectory.max.size.idp.conn.map This setting controls the maximum number of IdP connections kept in memory. When this limit is reached, connections are removed on a least-recently-used basis.

    The default setting is 10000.

    MetadataDirectory.max.size.sp.conn.map This setting controls the maximum number of SP connections kept in memory. When this limit is reached, connections are removed on a least-recently-used basis.

    The default setting is 10000.

    ClientManagerXmlFileImpl.max.size.clients.map This setting controls the maximum number of OAuth clients kept in memory. When this limit is reached, clients are removed on a least-recently-used basis.

    The default setting is 10000.

  3. Restart PingFederate.
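
The following is an added example, not part of the PingFederate documentation or product: a Python check that compares a size-limits.conf file against the defaults in the table above and reports changed, malformed or unrecognized settings, so that edits can be reviewed before the restart in step 3. It assumes the file uses key=value lines with # comments; the function name audit and the sample file content are constructed for illustration.

```python
# Assumption: size-limits.conf holds key=value lines and '#' comments.
DOCUMENTED_DEFAULTS = {
    "IdpSessionRegistryMapImpl.max.sessions": 10000,
    "IdpSessionRegistryMapImpl.max.individual.sessions": 500,
    "IdpSessionRegistryMapImpl.max.partner.sessions": 500,
    "IdpSessionRegistryMapImpl.max.user.keys": 50000,
    "IdpSessionRegistryMapImpl.max.user.key.sris": 100,
    "IdpSessionRegistryMapImpl.expiry.mins": 1440,
    "SpSessionRegistryMapImpl.max.sessions": 10000,
    "SpSessionRegistryMapImpl.max.individual.sessions": 500,
    "SpSessionRegistryMapImpl.expiry.mins": 1440,
    "InterReqStateMgmtMapImpl.max.size.state.map": 10000,
    "InterReqStateMgmtMapImpl.expiry.mins.state.map": 30,
    "InterReqStateMgmtMapImpl.max.size.attr.map": 10000,
    "InterReqStateMgmtMapImpl.expiry.mins.attr.map": 1440,
    "InterReqStateMgmtMapImpl.max.session.attrs": 500,
    "SessionRevocationServiceMapImpl.max.revoked.sris": 50000,
    "MetadataDirectory.max.size.idp.conn.map": 10000,
    "MetadataDirectory.max.size.sp.conn.map": 10000,
    "ClientManagerXmlFileImpl.max.size.clients.map": 10000,
}

def audit(conf_text):
    """Return (line_no, key, finding) for each setting that needs review."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        default = DOCUMENTED_DEFAULTS.get(key)
        if default is None:
            findings.append((no, key, "not a documented setting name"))
        elif not (value.isascii() and value.isdigit() and int(value) > 0):
            findings.append((no, key, f"{value!r} is not a positive integer"))
        elif int(value) != default:
            findings.append((no, key, f"{value} differs from default {default}"))
    return findings

SAMPLE = """\
# constructed sample, not taken from a real deployment
IdpSessionRegistryMapImpl.max.sessions=10000
IdpSessionRegistryMapImpl.expiry.mins=43200
SessionRevocationServiceMapImpl.max.revoked.sris=500
InterReqStateMgmtMapImpl.max.session.attr=500
SpSessionRegistryMapImpl.expiry.mins=1440m
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On the constructed sample this reports the lengthened IdP session expiry, the reduced revoked-SRI limit, the misspelled setting name and the malformed expiry value.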