Configuring an external database for authentication sessions - PingFederate

Configuring an external database for authentication sessions - PingFederate - 11.3

PingFederate Server

bundle

pingfederate-113

ft:publication_title

PingFederate Server

Product_Version_ce

PingFederate 11.3 (Latest)

category

Administrator

Administratorguide

Audience

Capability

ContentType

DeploymentMethod

Guide

Product

Productdocumentation

SingleSignonSSO

Software

SystemAdministrator

pf-113

pingfederate

ContentType_ce

Guide > Administrator Guide

Product documentation

Guide

Page created: 3 Mar 2023 |

Page updated: 9 Mar 2023

| 2 min read

Guide Administrator Guide Content Type Product documentation 11.3 Capability Single Sign-on (SSO) Deployment Method Software Audience Administrator System Administrator Product PingFederate

Set up various tables so that PingFederate can store authentication sessions on corresponding database servers.

Specific tables are required in order for PingFederate to store authentication sessions on your database server. Table-setup scripts are provided for supported database servers.

Run the table-setup scripts, provided in the <pf_install>/pingfederate/server/default/conf/authentication-session/sql-scripts directory, for your database server.
If you have not already done so, go to System > Data & Credential Stores. In the Data Stores window, create a Java Database Connection (JDBC) datastore for your database server.
Copy the system ID of the applicable JDBC datastore from the Data Stores window.
Edit the org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl.xml file, located in the <pf_install>/pingfederate/server/default/data/config-store directory.

Note:
For a clustered PingFederate environment, edit this file on the administrative console node first, and then replicate to other engine nodes using System > Server > Cluster Management as explained in later steps.

Replace the <c:item name="PingFederateDSJNDIName"/> element value with the system ID of your data store connection and save the file.
For example, if the system ID is JDBC-123456789ABCDEF123456789ABCDEF123456A0A6, update the org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl.xml file as follows.
```
<?xml version="1.0" encoding="UTF-8"?>
<c:config xmlns:c="http://www.sourceid.org/2004/05/config">
    <c:item name="PingFederateDSJNDIName">JDBC-123456789ABCDEF123456789ABCDEF123456A0A6</c:item>
</c:config>
```
Edit the <pf_install>/pingfederate/server/default/conf/service-points.conf file.
For example, if the system ID is SessionStorageManager:
1. Go to the # Service for storing Authentication Sessions section.
```
# Service for storing Authentication Sessions.
# Supported classes:
#    org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl : Use this service-point for a Jdbc implementation.
#    org.sourceid.saml20.service.session.data.impl.SessionStorageManagerLdapImpl : Use this service-point for an LDAP implementation.
#    org.sourceid.saml20.service.session.data.impl.SessionStorageManagerDynamoDBImpl : Use this service-point for a DynamoDB implementation.
session.storage.manager=org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl
```
2. Change the value of the session.storage.manager service to com.org.sourceid.saml20.service.session.data.impl.SessionStorageManagerJdbcImpl, the default value.
Note:
In clustered PingFederate environments, you must manually edit the service-points.conf file on each node because cluster replication can't replicate this change to other nodes.
Start or restart the PingFederate service.

Note:
For a clustered PingFederate environment, replicate this new configuration to other engine nodes on System > Server > Cluster Management. Start or restart the PingFederate service on each engine node to activate the change.

PingFederate removes expired authentication sessions from the database once a day. To fine-tune the frequency and the number of expired authentication sessions to remove, see Managing authentication sessions stored in the database.