PingAM 7.5.0

Configure server-side sessions

By default, AM configures the CTS token store schema in the AM configuration store. Before configuring your AM deployment to use server-side sessions or authentication sessions, we recommend you install and configure an external CTS token store. For more information, refer to Core Token Service (CTS).

Server-side sessions and authentication sessions benefit from configuring sticky load balancing. For more information, refer to Load balancing.

Configure server-side authentication sessions

Configuring storage location for authentication sessions is only supported for authentication trees. Authentication chains always store authentication sessions in AM’s memory. For more information, refer to Introduction to sessions.

  1. In the AM admin UI, go to Realms > Realm Name > Authentication > Settings > Trees.

  2. From the Authentication session state management scheme drop-down list, select CTS.

  3. In the Max duration (minutes) field, enter the maximum life of the authentication session in minutes.

  4. Save your changes.

  5. Go to Configure > Authentication > Core > Security.

  6. In the Organization Authentication Signing Secret field, enter a base64-encoded HMAC secret that AM uses to sign the JWT that is passed back and forth between the client and AM during the authentication process. The secret must be at least 128-bits in length.

  7. Save your changes.

Configure server-side sessions

  1. In the AM admin UI, go to Realms > Realm Name > Authentication > Settings > General.

  2. Ensure the Use Client-Side Sessions check box is not selected.

  3. Save your changes.

  4. Verify that AM creates a server-side session when non-administrative users authenticate to the realm. Perform the following steps:

    • Authenticate to AM as a non-administrative user in the realm you enabled for server-side sessions.

    • In a different browser, authenticate to AM as an administrative user. For example, amAdmin.

    • Go to Realms > Realm Name > Sessions.

    • Verify that a session is present for the non-administrative user.

Copyright © 2010-2024 ForgeRock, all rights reserved.