Access Federation is an Artifactory feature that offers you control over Access to any global JFrog products.
For example, it provides the ability to synchronize security entities between federated instances.
When using Access Federation to sync groups, users, and permissions updates, there is a possibility that these changes will fail if the sync occurs when:
1. Downtime for/maintenance of a specific instance is taking place.
2. A network issue has arisen.
3. Artifactory is experiencing sync errors, etc.
For any failed sync action event, data is saved in the access_federation_log table.
Access Federation's retry mechanism will make three (3) attempts, at a set time interval, to overcome a failed sync.
Should all of these fail, on the fourth attempt, the interval will increase and another three (3) sync attempts will be made.
These retries will be repeated until a given event is considered to be stale, which by default is 168 hours (one week).
This is configurable with the parameter consider-stale-hours in the access.config file. and basically means the time (hours) until the server can remain unresponsive before being considered stale.
It's important to understand this as it's related to Access Federation's cleanup mechanism, which is executed on the access_federation_log table. In this regard, another significant property is the delete-stale-events-factor, which defines how to multiply the consider-stale-hours parameter before deleting federation events, if a given event was not sent.
By default, this calculation should be 168 hours X 2 = 336 hours (two weeks), which means the cleanup mechanism will trigger after that period of time and will, by default clean up one week's worth of stale artifacts.
So, in case some tuning is required to the access_federation_log when the table is growing too quickly and consumes a lot of space, the above values can be tuned.