Managing expired persistent grants - PingFederate - 10.3

PingFederate Server

bundle
pingfederate-103
ft:publication_title
PingFederate Server
Product_Version_ce
PingFederate 10.3
category
Product
pf-103
pingfederate
ContentType_ce

PingFederate removes expired persistent grants once a day. The cleanup task removes 500 expired grants at a time until all expired grants are removed.

If expired grants are growing rapidly, you can optionally increase the frequency of the cleanup task.

Note:

Increasing the frequency of the cleanup task or the number of expired sessions to be removed per batch adds more workload to your storage server. Make gradual changes, if any, to observe the impact.

Important:

In a clustered PingFederate environment, the cleanup task runs only on the console node. If adjustments are required, make them on the console node. No changes are required on any of the engine nodes.

When storing persistent grants on a PingDirectory server that is version 7.0 or later, you can use the PingFederate cleanup task or configure a cleanup plugin in PingDirectory instead. The plugin allows fine-grained control over various aspects of the cleanup task, which might improve the performance impact. For more information and configuration steps, see Managing expired persistent grants in PingDirectory.

  1. Optional: Adjust the frequency of the cleanup task.
    1. Edit the timer-intervals.xml<pf_install>/pingfederate/server/default/data/config-store directory.
    2. Update the AccessGrantCleanerInterval value, in milliseconds.

      The default value is 86400000, which is 24 hours.

    3. Save your changes.
  2. Optional: Adjust the number of expired grants to be removed per batch.
    1. Edit the configuration file relevant to your storage platform.

      This configuration file is located in the <pf_install>/pingfederate/server/default/data/config-store directory, as described in the following table.

      Storage platform Configuration file
      Database server org.sourceid.oauth20.token.AccessGrantManagerJdbcImpl.xml
      PingDirectory org.sourceid.oauth20.token.AccessGrantManagerLDAPPingDirectoryImpl.xml
      Microsoft Active Directory org.sourceid.oauth20.token.AccessGrantManagerLDAPADImpl.xml
      Oracle Unified Directory org.sourceid.oauth20.token.AccessGrantManagerLDAPOracleImpl.xml
    2. Update the ExpiredGrantBatchSize value.

      The following example shows an updated value of 400.

       file, located in the<?xml version="1.0" encoding="UTF-8"?>
      <c:config xmlns:c="http://www.sourceid.org/2004/05/config">
          ...
          <c:item name="ExpiredGrantBatchSize">400</c:item>
          ...
      </c:config>

      The default value is 500.

    3. Save your changes.
  3. After you have made changes, restart PingFederate.

    In a clustered PingFederate environment, you do not have to change or restart PingFederate on any of the engine nodes.