Support Article
Stale SAML related data left in pr_data_admin table
SA-18900
Summary
There are more than 50000 records related to SAML login processing in pr_data_admin table.
Error Messages
Not Applicable
Steps to Reproduce
1. Use OpenSAML2.0 for SSO
Root Cause
A defect in Pegasystems’ code or rules. DB contention in pr_data_admin table as this table is used by other Pega modules including SAML related classes. There has been huge amount of left over data from Data-Admin-LoginInfo and Data-Admin-Security-SSO-SAML-AuthRequestContext classes in the pr_data_admin table. pyCleanupWebSSO agent is scheduled to run every 24 hours which is intended to clean any SAML related data in the pr_data_admin, but it only purges 100 records at each run and would not suffice to clean up 50,000+ stale records.
Resolution
Make the following change to the operating environment: Create a cron job scheduler that runs frequently to execute SQL DELETE on pr_data_admin table to purge instances of Data-Admin-LoginInfo and Data-Admin-Security-SSO-SAML-AuthRequestContext. Purge records 2 minutes or older
DELETE
FROM pr_data_admin
WHERE PXOBJCLASS IN ('Data-Admin-LoginInfo', 'Data-Admin-Security-SSO-SAML-AuthRequestContext') AND
PXCOMMITDATETIME < (SYSDATE - (2 / 1440));
Published January 31, 2016 - Updated October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.