Picketlink is internally using JBoss cache, which can be cleared via jmx. You will need some tool for access to JMX (Like JBoss jmx-console or Sun's jconsole) and you will need to find this mbean: exo:portal="portal",service=PicketLinkIDMCacheService,name=plidmcache and call operation invalidateAll .
If you want some periodic cleanup, you may need to change JBoss cache configuration, which can be found under server/default/deploy/gatein.ear/02portal.war/WEB-INF/conf/organization/picketlink-idm in file jboss-cache.xml or jboss-cache-cluster.xml (if you are using cluster profile). You can try to change eviction configuration . By default it uses ExpirationAlgorithm but AFAIK expiration is defacto not triggered because AFAIK there is no support in picketlink code for it. So you can try to change to LRUAlgorithm or something different (See jboss cache documentation for details).
If it didn't help, you may need to clear Hibernate cache as well because picketlink is using Hibernate. I think it can be possible through jmx as well but you will need to investigate...
Hope this helps,
I have tried the JMX console and it doesn't do anything. I have also tried an empty jboss-cache.xml file as well as changing the configurations.
I am testing this by inserting a user manually in the MySQL database I have locally. I then have a page that retrieves all users. The view does not get refreshed with the new user.