StateManager JNDI configuration is not needed from 9.0.02 onwarrds
search cancel

StateManager JNDI configuration is not needed from 9.0.02 onwarrds


Article ID: 116276


Updated On:


CA Rapid App Security CA Advanced Authentication


Prior to CA Strong Authentication version 9.0.02. The JNDI connection when using say Tomcat as the application server required one to do the following:

1.Specify a JNDI name on the  AtcotAFMWizard configuration screen like the one below 

<Please see attached file for image>

User-added image

Note that "Primary JNDI Name"  is not asked for in version 9.0.02 and the ArcotAFMWizard screen looks like this: 

<Please see attached file for image>

User-added image

2.  Prior to 9.0.02 file that was created had these line for JNDI configuration as shown below. Note that at 9.0.02 you will not find these lines in 

# --------------------------------------------------------------------------
# Application server pool name(s). Uncomment backup datasource settings to 
# configure the backup database. To configure additional backup data sources, add more
# database properties.
# --------------------------------------------------------------------------

#<!-- Primary datasource properties -->

#<!-- Backup datasource properties -->

3. Prior to 9.0.02, to make the JNDI connection to the database it was required that server.xml contain the following "Resource name" section that required the "username" and "password" to provided in clear. At 9.0.02 this entry is not needed. 

===  The section "<Resource name..........." with JNDI name "primaryjndi" in the example below  is NOT  needed  at 9.0.02==
<!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html

<Resource name="primaryjndi" auth="Container" 
            type="javax.sql.DataSource" username="arcotuser" password="yourpasswrd" 
            driverClassName="" url="jdbc:sqlserver://kumgi02-S12076:1433;databaseName=arcotdb;selectMethod=cursor" maxWait="30000" maxActive="32" maxIdle="4" initialSize="4" 
    timeBetweenEvictionRunsMillis="600000" minEvictableIdleTimeMillis="600000"/>
============================  ====================================

4. Prior to 9.0.02, to make the JNDI connection to the database it was required that context.xml contain the following "ResourceLink" section. At 9.0.02 this entry is not needed. 

=========  Similarly context.xml  will not need  this  ResourceLink line ==============
<ResourceLink global="primaryjndi" name="primaryjndi" type="javax.sql.DataSource"/>
============================= ========================================


Customers have requested that any DB credential related entries that are required in say server.xml  should be encrypted and not be shown in clear. Hence, CA Strong Authentication version 9.0.02 addresses the security issue and removes any requirements that may lead to exposing the DB credentials in clear.


CA Strong Authenticaion version 9.0.02


1. Run the ArcotAFMWizard (which will create the in <ARCOT_HOME>\conf\afm)
2. Ensure that new arcotsm.war that is released as a part of 9.0.02 is deployed correctly (clearing any WORK and Temp folders associated with the application server of choice)

Additional Information

To test if the CA Statemanager is connecting to the Database

Step 1. Use the Statemanager test tool by invoking -http://hostname:port/arcotsm to bring up the Statemanager test page. Then Create a token and Read the token back. 

Step #2. After a successful Token Create action using the tool mentioned in Step #1 above please verify that the Tokens are being inserted in ARTSTOKENs table.  You may  check the inserted row in the ARTSTOKENS table via the SQL query below. This query should return a row for the token that was inserted in Step #1.

select * from ARTSTOKENS where tsTokenId ='Povide the Token that you created in Step 1 ';

Step #3 Examine the arcotsm.log to check that no errors are reported on Create Token or Read Token as attempted in Step #1


1558695315446000116276_sktwi1f5rjvs16i3a.jpeg get_app
1558695313477000116276_sktwi1f5rjvs16i39.jpeg get_app