Previous Topic: Set Up the Artifact Profile for SSONext Topic: User Directory Connections for Partnership Federation


Storing User Session, Assertion, and Expiry Data

This section contains the following topics:

Federation Features Requiring the Session Store

Enable the Session Store

Environments that Require a Shared Session Store

Federation Features Requiring the Session Store

The session store holds data for the following federation features:

Enable the session store to hold this type of user session, assertion, and expiry data.

Enable the Session Store

Enable the session store to hold data when using SAML artifact for single sign-on, single logout, and enabling the single use of a policy.

Enable the session store from the Policy Server Management Console.

Follow these steps:

  1. Log in to the Policy Server Management Console.
  2. Select the Data tab.
  3. Select Session Store from the drop-down list in the Database field.
  4. Select an available storage type from the drop-down list in the Storage field.
  5. Select the Session Store enabled check box.

    If you are going to use persistent sessions in one or more realms, enable the Session Server. When enabled, the Session Server impacts Policy Server performance.

    Note: The Use Policy Store database option is disabled. For performance reasons, the session server cannot be run on the same database as the policy store.

  6. Specify Data Source Information appropriate for the chosen storage type.
  7. Click OK to save the settings and exit the Console.
  8. Stop and restart the Policy Server.

Environments that Require a Shared Session Store

The following features require a shared session store to store SAML assertions and user session information.

To implement these features across a clustered Policy Server environment, set up the environment as follows:

All Policy Servers that generate or consume assertions or process a persistent SMSESSION cookie must be able to contact the common session store. For example, a user logs in to example.com and gets a persistent session cookie for that domain. Every Policy Server that is handling requests for example.com must be able to verify that the session is still valid.

The following illustration shows a Policy Server cluster communicating with one session store:

Graphic of policy servers sharing one session server

To share a session store, use one of the following methods: