Quartz.NET is an open-source job scheduling system that OpenIddict supports for cleaning up temporary data, such as orphaned authorizations or tokens, from the database. The Rock Solid Knowledge SAML component for OpenIddict uses a store to hold SamlMessages, as they are too large to be passed around in the query string.
The component also uses a store to hold SAML artifact data. This data should be pruned to prevent slowdown.
A Quartz integration is available in the Rsk.Saml.OpenIddict.Quartz package.
Setting up the Quartz integration
In order to set up the Quartz integration you will need to do the following:
- Configure a Quartz job store to hold data for the SAML component.
- Potentially create (or point to) a database to store the Quartz data.
- Configure the integration within DI.
Configuring a Quartz job store
By default, Quartz uses a job store that holds all data in memory.
Whilst this will work for getting started, we do not recommend you use this for production workloads.
For production we recommend you use the AdoJobStore.
To learn how to set this up, please refer to the Quartz tutorial.
Initializing a database for the Quartz AdoJobStore
If you wish to use the AdoJobStore, you will need to run a database script to initialize the required tables.
The script you will need depends on the database provider you wish to use.
The below table provides links to the SQL scripts required for each provider.
Configure the integration within DI
Once you have a job store set up, you will need to configure the integration within DI. This involves making several calls within ConfigureServices.
Before calling AddSamlPlugin, you need to call both the AddQuartz and AddQuartzHostedService methods.
Pruning old SAML messages and artifact data
After calling AddSamlPlugin, you can then call either PruneSamlMessages or PruneSamlArtifacts on the OpenIddictSamlBuilder.
Three overloads of each method exist. The first will prune messages or artifacts older than 14 days and will run the Quartz job every hour.
The second allows you to enable or disable the SAML message or SAML artifact removal job by setting the EnableSamlMessageRemoval property of SamlOpenIddictMessageRemoverOptions or the EnableSamlArtifactRemoval property of SamlOpenIddictArtifactDataRemoverOptions to false. It also lets you configure the MaximumRefireCount (the default is two) and the MinimumSamlMessageLifespan and MinimumSamlArtifactLifespan, which both have a default of 14 days.
The final overload returns an OpenIddictSamlQuartzBuilder, allowing you to configure the same options as above but in a fluent manner.
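The call order and the options-based overload described above, as an added C# sketch that is not taken from the Rock Solid Knowledge documentation. The method, class and property names are the ones named on this page; the callback shapes, the property types (bool, int, TimeSpan) and the 7-day artifact lifespan are assumptions to check against the package version you install.

```csharp
using System;
using Microsoft.Extensions.DependencyInjection;
using Quartz;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // 1. Quartz must be registered BEFORE AddSamlPlugin.
        services.AddQuartz(q =>
        {
            // With nothing configured here Quartz falls back to its
            // in-memory job store. For production, configure the
            // AdoJobStore here as described in the Quartz tutorial.
        });
        services.AddQuartzHostedService(o => o.WaitForJobsToComplete = true);

        services.AddOpenIddict()
            // ... your existing AddCore / AddServer configuration ...
            // ASSUMPTION: AddSamlPlugin accepts a callback that receives
            // the OpenIddictSamlBuilder.
            .AddSamlPlugin(saml =>
            {
                // ... your existing SAML plugin configuration ...

                // 2. Pruning is configured AFTER AddSamlPlugin, on the builder.
                // ASSUMPTION: the second overload takes an options callback.
                saml.PruneSamlMessages(options =>
                {
                    // SamlOpenIddictMessageRemoverOptions
                    options.EnableSamlMessageRemoval = true;
                    options.MaximumRefireCount = 2;                               // documented default
                    options.MinimumSamlMessageLifespan = TimeSpan.FromDays(14);   // documented default
                });

                saml.PruneSamlArtifacts(options =>
                {
                    // SamlOpenIddictArtifactDataRemoverOptions
                    options.EnableSamlArtifactRemoval = true;
                    options.MaximumRefireCount = 2;
                    // Constructed value: keep artifact data for 7 days
                    // instead of the 14-day default.
                    options.MinimumSamlArtifactLifespan = TimeSpan.FromDays(7);
                });
            });
    }
}
```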