Configuring an external database for authentication sessions - PingFederate - 10.2

Set up various tables so that PingFederate can store authentication sessions on corresponding database servers.

Specific tables are required in order for PingFederate to store authentication sessions on your database server. Table-setup scripts are provided for supported database servers.

  1. Run the table-setup scripts, provided in the <pf_install>/pingfederate/server/default/conf/authentication-session/sql-scripts directory, for your database server.
  2. If you have not already done so, go to System > Data & Credential Stores. In the Data Stores window, create a Java Database Connection (JDBC) datastore for your database server.
  3. Copy the system ID of the applicable JDBC datastore from the Data Stores window.
  4. Edit the org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.
    Note:

    For a clustered PingFederate environment, edit this file on the administrative console node first, and then replicate to other engine nodes using System > Server > Cluster Management as explained in later steps.

    Replace the <c:item name="PingFederateDSJNDIName"/> element value with the system ID of your data store connection and save the file.

    For example, if the system ID is JDBC-123456789ABCDEF123456789ABCDEF123456A0A6, update the org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl.xml file as follows.

    <?xml version="1.0" encoding="UTF-8"?>
    <c:config xmlns:c="http://www.sourceid.org/2004/05/config">
        <c:item name="PingFederateDSJNDIName">JDBC-123456789ABCDEF123456789ABCDEF123456A0A6</c:item>
    </c:config>
  5. Edit the <pf_install>/pingfederate/server/default/conf/META-INF/hivemodule.xml file.
    If the system ID is SessionStorageManager, locate the SessionStorageManager service point, set the value of the class attribute to org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl (the default value), then save the file.
    <!-- Service for storing Authentication Sessions. -->
    <service-point id="SessionStorageManager" interface="org.sourceid.saml20.service.session.data.SessionStorageManager">
        <invoke-factory>
            ...
            <construct class="org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl"/>
        </invoke-factory>
    </service-point>
    
    Note:

    For a clustered PingFederate environment, you must edit the hivemodule.xml file on each node manually, because cluster replication cannot replicate this change to other nodes.

  6. Start or restart the PingFederate service.
    Note:

    For a clustered PingFederate environment, replicate this new configuration to other engine nodes on System > Server > Cluster Management. Start or restart the PingFederate service on each engine node to activate the change.

PingFederate removes expired authentication sessions from the database once a day. To fine-tune the frequency and the number of expired authentication sessions to remove, see Managing authentication sessions stored in the database.
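
One way to check the edits from steps 4 and 5 on a node before restarting it, as an added example that is not part of the PingFederate documentation or product. The sample XML is constructed inline (the `<module>` wrapper and the `example.OtherImpl` class name are placeholders, and it is an assumption that hivemodule.xml uses no XML namespace); in practice, read the two files as bytes from the paths given in the steps.

```python
import xml.etree.ElementTree as ET

CONFIG_NS = "{http://www.sourceid.org/2004/05/config}"
JDBC_IMPL = ("org.sourceid.saml20.service.session.data.impl."
             "SessionStorageManagerJdbcImpl")

def datastore_id(config_xml: bytes):
    """PingFederateDSJNDIName value from the config-store file, or None if absent/empty."""
    for item in ET.fromstring(config_xml).iter(CONFIG_NS + "item"):
        if item.get("name") == "PingFederateDSJNDIName":
            return (item.text or "").strip() or None
    return None

def session_manager_class(hivemodule_xml: bytes):
    """Class constructed for the SessionStorageManager service point, or None."""
    for sp in ET.fromstring(hivemodule_xml).iter("service-point"):
        if sp.get("id") == "SessionStorageManager":
            construct = sp.find("invoke-factory/construct")
            return construct.get("class") if construct is not None else None
    return None

def check_node(config_xml: bytes, hivemodule_xml: bytes):
    """Return a list of problems; an empty list means both edits are in place."""
    problems = []
    if datastore_id(config_xml) is None:
        problems.append("PingFederateDSJNDIName is missing or empty")
    cls = session_manager_class(hivemodule_xml)
    if cls != JDBC_IMPL:
        problems.append(f"SessionStorageManager constructs {cls!r}, not the JDBC class")
    return problems

# Constructed sample files (the system ID is the example value from step 4).
SAMPLE_CONFIG = b"""<?xml version="1.0" encoding="UTF-8"?>
<c:config xmlns:c="http://www.sourceid.org/2004/05/config">
    <c:item name="PingFederateDSJNDIName">JDBC-123456789ABCDEF123456789ABCDEF123456A0A6</c:item>
</c:config>"""
SAMPLE_HIVEMODULE = b"""<module id="constructed.example" version="1.0.0">
    <service-point id="SessionStorageManager"
                   interface="org.sourceid.saml20.service.session.data.SessionStorageManager">
        <invoke-factory>
            <construct class="%s"/>
        </invoke-factory>
    </service-point>
</module>"""

if __name__ == "__main__":
    print(check_node(SAMPLE_CONFIG, SAMPLE_HIVEMODULE % JDBC_IMPL.encode()))
    # A node where hivemodule.xml was not edited (class name is a placeholder):
    print(check_node(SAMPLE_CONFIG, SAMPLE_HIVEMODULE % b"example.OtherImpl"))
```

In a cluster, run the check against each node's own copy of hivemodule.xml, since that file is not replicated.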