PingFederate requires specific tables to store authentication sessions on your database server. Table-setup scripts are provided for supported database servers.

  1. Run the table-setup scripts, provided in the <pf_install>/pingfederate/server/default/conf/authentication-session/sql-scripts directory, for your database server.
  2. If you have not already done so, go to System > Data & Credential Stores. In the Data Stores window, create a Java Database Connectivity (JDBC) datastore for your database server.
  3. Copy the system ID of the applicable JDBC datastore from the Data Stores window.
  4. Edit the org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.
    Note: For a clustered PingFederate environment, edit this file on the administrative console node first, and then replicate it to the other engine nodes using System > Server > Cluster Management, as explained in later steps.

    Replace the <c:item name="PingFederateDSJNDIName"/> element value with the system ID of your data store connection and save the file.

    For example, if the system ID is JDBC-123456789ABCDEF123456789ABCDEF123456A0A6, update the org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl.xml file as follows.

    <?xml version="1.0" encoding="UTF-8"?>
    <c:config xmlns:c="http://www.sourceid.org/2004/05/config">
        <c:item name="PingFederateDSJNDIName">JDBC-123456789ABCDEF123456789ABCDEF123456A0A6</c:item>
    </c:config>
  5. Edit the <pf_install>/pingfederate/server/default/conf/service-points.conf file.
    If the system ID is SessionStorageManager, locate the SessionStorageManager service point, set the value of the class attribute to org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl (the default value), then save the file.
    <!-- Service for storing Authentication Sessions. -->
    <service-point id="SessionStorageManager" interface="org.sourceid.saml20.service.session.data.SessionStorageManager">
        <invoke-factory>
            ...
            <construct class="org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl"/>
        </invoke-factory>
    </service-point>
    
    Note: For a clustered PingFederate environment, you must edit the hivemodule.xml file on each node manually, because cluster replication can't replicate this change to other nodes.

  6. Start or restart the PingFederate service.
    Note: For a clustered PingFederate environment, replicate this new configuration to other engine nodes on System > Server > Cluster Management. Start or restart the PingFederate service on each engine node to activate the change.

PingFederate removes expired authentication sessions from the database once a day. To fine-tune the frequency and the number of expired authentication sessions to remove, see Managing authentication sessions stored in the database.
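
A pre-restart check for the edits in steps 4 and 5, which is most useful on clustered nodes where the service-point change is not replicated and can drift. This is an added example, not Ping Identity's code; the function names, the `<module>` root element and the placeholder class in the sample data are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"c": "http://www.sourceid.org/2004/05/config"}
JDBC_IMPL = "org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl"

def datastore_id(config_xml):
    """Value of the PingFederateDSJNDIName item (step 4 file), or None if unset."""
    item = ET.fromstring(config_xml).find("c:item[@name='PingFederateDSJNDIName']", NS)
    if item is None:
        return None
    return (item.text or "").strip() or None

def session_store_class(module_xml):
    """Class on the SessionStorageManager service point (step 5 file), or None."""
    for sp in ET.fromstring(module_xml).iter("service-point"):
        if sp.get("id") == "SessionStorageManager":
            construct = sp.find("invoke-factory/construct")
            return None if construct is None else construct.get("class")
    return None

def check_node(config_xml, module_xml, expected_id):
    """Return a list of problems; an empty list means the node matches steps 4 and 5."""
    problems = []
    found = datastore_id(config_xml)
    if found is None:
        problems.append("PingFederateDSJNDIName is missing or empty")
    elif found != expected_id:
        problems.append(f"PingFederateDSJNDIName is {found}, expected {expected_id}")
    cls = session_store_class(module_xml)
    if cls != JDBC_IMPL:
        problems.append(f"SessionStorageManager class is {cls}")
    return problems

# Constructed sample inputs (not taken from a real deployment).
EXPECTED_ID = "JDBC-123456789ABCDEF123456789ABCDEF123456A0A6"  # the page's example ID
CONFIG_OK = (b'<?xml version="1.0" encoding="UTF-8"?>'
             b'<c:config xmlns:c="http://www.sourceid.org/2004/05/config">'
             b'<c:item name="PingFederateDSJNDIName">' + EXPECTED_ID.encode() +
             b'</c:item></c:config>')
CONFIG_UNSET = (b'<c:config xmlns:c="http://www.sourceid.org/2004/05/config">'
                b'<c:item name="PingFederateDSJNDIName"/></c:config>')
# The <module> root and the placeholder class below are assumptions for the demo.
MODULE_TMPL = ('<module><service-point id="SessionStorageManager">'
               '<invoke-factory><construct class="{}"/></invoke-factory>'
               '</service-point></module>')
MODULE_OK = MODULE_TMPL.format(JDBC_IMPL)
MODULE_DRIFT = MODULE_TMPL.format("example.PlaceholderSessionStore")

if __name__ == "__main__":
    print(check_node(CONFIG_OK, MODULE_OK, EXPECTED_ID))
    print(check_node(CONFIG_UNSET, MODULE_DRIFT, EXPECTED_ID))
```

On a real node, read the two files in binary mode and pass their contents to `check_node` together with the system ID copied in step 3.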