PingFederate 7.0.1
Configuring Reference-Token Management

On this screen, you can make changes to preset default settings for Reference Tokens (see Token Models).

  • Make changes as needed (see Field Descriptions below), or click Next to continue.
Field Descriptions

Field

Description

Token Length

The number of characters the AS uses to define the token reference. Increasing the length will enhance token security if desired. (Maximum: 256.)

Token Lifetime

The amount of time (in minutes) that an access token is considered valid.

Lifetime Extension Policy

Indicates whether the OAuth AS should reset token lifetimes each time a token is validated. The token plug-in checks the policy before updating the lifetime of an access token. Options are: no extension policy, reset token lifetimes only for transient tokens (not backed by a persistent policy), or reset lifetimes for all tokens.

Lifetime Extension Threshold Percentage

When PingFederate is deployed in a cluster and token-lifetime extension is enabled, there must be a cluster-group remote procedure call (RPC) to extend the life of a token.

This setting limits RPC overhead by suspending the calls until the set threshold is crossed. For example, if the token lifetime is one hour and the threshold is 50%, the lifetime will not be extended until the remaining time is less than 30 minutes. This option could potentially reduce RPC traffic between nodes by orders of magnitude while still supporting the LifeTime Extension Policy.

Advanced Fields

Mode for Synchronous RPC

Some RPC events require that the caller get some data from the remote nodes, so the call is synchronous and blocks waiting on the responses. This configuration setting indicates whether the caller should wait for a response from all nodes in the cluster or just a majority of nodes. This is designed to eliminate the need for a complete state synchronization at startup.

Synchronous RPC calls occur when a node receives a verification request for a token it does not recognize and for token issuance.

RPC Timeout

Timeout between cluster nodes during synchronous communication. Recommended setting is from 100 milliseconds to 1000 (1 second).