Previous Topic: Authentication Flow ManagerNext Topic: User Data Service

CA Adapter UNIX Installation GuideIntroduction to AdapterAdapter ArchitectureState Manager

State Manager

State Manager is responsible for creating, maintaining, and tracking the tokens that are used to associate the authentication and risk status of a logon session across multiple Adapter components, and your application. The tokens, which contain information about the user and the session state, enable other Adapter components to remain stateless.

State Manager also provides a token validation mechanism to securely communicate the authentication result, the risk result (if configured), and the subsequent action to be performed by the IdP or Authentication Shim.

In the case of a SiteMinder integration, State Manager also acts as a proxy to RiskMinder by providing risk evaluation services to other authentication components. State Manager receives the risk evaluation input parameters from the calling application and passes them to RiskMinder. After the risk evaluation is complete, State Manager inserts the risk evaluation result into the token for further examination or processing by other components. Based on the implemented workflow, risk evaluation can be performed before or after user authentication. If the risk evaluation takes place after user authentication, the result of the user authentication is stored in the token and then the risk evaluation is performed.

In the case of a SAML integration, State Manager maintains session information of the authenticated user in a token.

In the case of an SSL VPN integration, State Manager is required when the primary authentication mechanism is ArcotID OTP for browsers. If the ArcotID OTP is used on multiple devices, State Manager is required to keep the ArcotID OTP data consistent with the data stored on the server.

Adapter provides database failover support for State Manager. If the primary database server is unavailable, State Manager can switch over to the secondary database server. To use this feature, you need to configure the secondary database server and synchronize it with the primary database. This makes the users’ session information available all the time. To enable the failover support, a new set of parameters have been introduced in the State Manager properties file that you would need to configure. For details on the parameters that you need to configure to enable the database failover, see the table on Database Connectivity Parameters in Configuration Files and Options.