THIS IS A WORK IN PROGRESS!

Smart ID Identity Manager offers support for HSM (Hardware Security Model) for several use cases:

• Encrypt and decrypt fields in the Identity Manager database

• Sign and verify object history

• Sign and validate config zip files

• Encrypt config zip files

• Sign and encrypt emails

• Authenticate Smart ID Self-Service users to the Identity Manager backend

• Creating JWS signatures used for Hermod's content provider API

• Decrypting PIN blobs from pre-personalized smart-cards created with Personal Desktop Client

• Attestation for provisioning to Smart ID Mobile / Desktop Apps

...

1. To avoid this, you have these options:

   1. Deploy each Identity Manager webapp on its own dedicated Tomcat instance (Docker deployments always work like this).

      OR

   2. Remove all CMSDK JARs and all BouncyCastle JARs from all webapps' tomcat\<webapp>\WEB-INF\lib folders and place them in tomcat\libs instead (this ensures those JARs are served from the Tomcat common classloader for all webapps).

      1. CMSDK JARs:

         • cmcommon*.jar

         • cmsdk-*.jar

         • common-*.jar

      2. BouncyCastle JARs:

         • bcmail-*.jar

         • bcpgp-*.jar

         • bcpkix-*.jar

         • bcprov-*.jar (including bcprov-ext-*.jar)

Additional information