Is StateManager aka Token Server truly stateless?


Article ID: 217469


Updated On:


CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort), CA Strong Authentication, CA Risk Authentication


Is StateManager (aka Token Server) truly stateless?

The answer is YES. This is an informational document. The statelessness of the StateManager can be validated when more than one StateManager is configured in a Highly Available (HA) load-balanced environment.


Release : 9.x

Component : AuthMinder (Arcot WebFort)

Two or more StateManagers configured behind a Load Balancer.


Not Applicable


This is a high-level discussion of StateManager capabilities. It is not meant to be a detailed, code-level discussion. The details of the StateManager's Token Management and the internals of the Token data are out of scope of this discussion.

  1. StateManager is truly stateless, that is, it does not hold any state information within its internal programmatic structures. Hence, ANY StateManager behind a Load Balancer can be invoked to complete the next action in the AA flow.
  2. StateManager is a web application deployed in an Application Server (such as Tomcat, Oracle WebLogic, IBM WebSphere or JBoss).
  3. StateManager stores all state information in a "Token" and stores this token in the Arcot database table called ARTSTOKENS. Any StateManager configured behind a Load Balancer can be called upon to Create/Update/Read/Delete a token.
  4. StateManager's access to the ARTSTOKENS table is key for Token Management. Tokens contain the information that directs the StateManager towards the next operation in the AA flow. Note that the tokens can be read by all StateManagers that participate in the AA environment.
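
The pattern described in the list above, as an added sketch that is not CA code: two server instances keep no per-flow state and share one token table, so a round-robin load balancer can hand each step to a different instance. The table name `demo_tokens`, the JSON token layout, the flow step names and the `Node` class are assumptions made for illustration; the real ARTSTOKENS schema and token contents are not described here.

```python
import json
import sqlite3
import uuid

# Hypothetical flow steps; the real AA flow is not described on this page.
FLOW = ["START", "CREDENTIAL_CHECK", "RISK_EVAL", "DONE"]


def make_store():
    """Shared database standing in for the one every node uses (schema is made up)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE demo_tokens (id TEXT PRIMARY KEY, data TEXT NOT NULL)")
    return db


class Node:
    """One server instance: it holds a DB handle and a name, and no per-flow state."""

    def __init__(self, name, db):
        self.name, self.db = name, db

    def create(self):
        token_id = uuid.uuid4().hex
        data = {"step": FLOW[0], "handled_by": [self.name]}
        self.db.execute("INSERT INTO demo_tokens VALUES (?, ?)", (token_id, json.dumps(data)))
        return token_id

    def advance(self, token_id):
        # Everything needed for the next step is read back from the shared table.
        row = self.db.execute("SELECT data FROM demo_tokens WHERE id = ?", (token_id,)).fetchone()
        if row is None:
            raise KeyError("unknown or deleted token")
        data = json.loads(row[0])
        data["step"] = FLOW[FLOW.index(data["step"]) + 1]
        data["handled_by"].append(self.name)
        if data["step"] == "DONE":
            self.db.execute("DELETE FROM demo_tokens WHERE id = ?", (token_id,))
        else:
            self.db.execute("UPDATE demo_tokens SET data = ? WHERE id = ?", (json.dumps(data), token_id))
        return data


def run_flow(nodes):
    """Create on the first node, then let a round-robin 'load balancer' pick each next node."""
    token_id = nodes[0].create()
    data, i = {"step": FLOW[0]}, 1
    while data["step"] != "DONE":
        data = nodes[i % len(nodes)].advance(token_id)
        i += 1
    return token_id, data
```

The flow completes even though no instance handles two consecutive steps, which is the behaviour to look for when validating statelessness behind a load balancer.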

Additional Information