PingAM 8.0.0

Configure server-side sessions

By default, AM configures the CTS token store schema in the AM configuration store. Before configuring your AM deployment to use server-side journey or authenticated sessions, we recommend you install and configure an external CTS token store. Learn more in Core Token Service (CTS).

Server-side journey and authenticated sessions benefit from configuring sticky load balancing. Learn more in Load balancing.

Configure server-side journey sessions

  1. In the AM admin UI, go to Realms > Realm Name > Authentication > Settings > Trees.

  2. From the Authentication session state management scheme drop-down list, select CTS.

  3. In the Max duration (minutes) field, enter the maximum life of the journey session in minutes.

    You can also set the maximum duration in a tree or at the node level. Learn more in Maximum duration.

  4. Save your changes.

  5. Go to Configure > Authentication > Core > Security.

  6. In the Organization Authentication Signing Secret field, enter a base64-encoded HMAC secret that AM uses to sign the JWT that is passed back and forth between the client and AM during the authentication process. The secret must be at least 128 bits in length.

  7. Save your changes.
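
The signing secret in step 6 must be base64-encoded and at least 128 bits long once decoded. The following is an added example, not part of the PingAM documentation: it generates a suitable value from the operating system CSPRNG and checks a candidate before you paste it into the field. The function names and the 32-byte default are assumptions; the page only requires a minimum of 128 bits.

```python
import base64
import binascii
import secrets

MIN_BITS = 128  # minimum length the page states for the signing secret


def generate_signing_secret(num_bytes: int = 32) -> str:
    """Return a base64-encoded random secret drawn from the OS CSPRNG."""
    if num_bytes * 8 < MIN_BITS:
        raise ValueError(f"secret must be at least {MIN_BITS} bits")
    return base64.b64encode(secrets.token_bytes(num_bytes)).decode("ascii")


def check_signing_secret(value: str) -> tuple[bool, str]:
    """Check that a candidate is strict base64 and decodes to >= MIN_BITS."""
    try:
        raw = base64.b64decode(value.strip(), validate=True)
    except (binascii.Error, ValueError) as exc:
        return False, f"not valid base64: {exc}"
    # Measure the decoded bytes, not the number of base64 characters:
    # 16 base64 characters carry only 96 bits of key material.
    bits = len(raw) * 8
    if bits < MIN_BITS:
        return False, f"decodes to {bits} bits, need at least {MIN_BITS}"
    if len(set(raw)) == 1:
        return False, "decoded bytes are all identical; not a random secret"
    return True, f"ok: {bits} bits"


if __name__ == "__main__":
    # Constructed sample inputs, for illustration only.
    samples = [
        generate_signing_secret(),   # fresh 256-bit secret
        "QUJDREVGR0hJSktM",          # 16 characters, but only 96 bits decoded
        "not base64!!",              # pasted passphrase, not base64
        "AAAAAAAAAAAAAAAAAAAAAA==",  # 128 bits of zero bytes
    ]
    for sample in samples:
        ok, reason = check_signing_secret(sample)
        print("PASS" if ok else "FAIL", reason)
```

Generate the value on a trusted host and do not reuse a secret that was printed to a shared terminal or log.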

Configure server-side authenticated sessions

  1. In the AM admin UI, go to Realms > Realm Name > Authentication > Settings > General.

  2. Ensure the Use Client-Side Sessions check box is not selected.

  3. Save your changes.

  4. Verify that AM creates a server-side authenticated session when non-administrative users authenticate to the realm. Perform the following steps:

    • Authenticate to AM as a non-administrative user in the realm you enabled for server-side sessions.

    • In a different browser, authenticate to AM as an administrative user, for example, amAdmin.

    • Go to Realms > Realm Name > Sessions.

    • Verify that a session is present for the non-administrative user.