Access Management 7.3.2

Introduction to sessions

A session in AM is a token that represents a usually interactive exchange of information between AM and a user or identity.

AM creates an authentication session to track the user’s authentication progress through an authentication chain or tree. Once the user has authenticated, AM creates a session to manage the user’s or entity’s access to resources.

AM session-related services are stateless unless otherwise indicated; they do not hold any session information local to the AM instances.

Instead, they store session information either in the CTS token store or on the client. This architecture allows you to scale your AM infrastructure horizontally since any server in the deployment can satisfy any session’s request.

Sessions have different characteristics depending on where AM stores the sessions. Session storage location is configured at the realm level. The following table illustrates where AM can store sessions:

Session storage location
In the CTS token store On the client In AM’s memory

Authentication sessions

(1)

(1) (Default in new installations)

(2) (Default after upgrade)

Sessions

✔ (Default)

(1) Authentication trees only.

(2) Available for authentication trees and authentication chains.

Session storage location can be heterogeneous within the same AM deployment to suit the requirements of each of your realms.