Info |
---|
This article is valid for Smart ID 24.R1 and later. |
THIS IS A WORK IN PROGRESS!
Smart ID Identity Manager offers support for HSM (Hardware Security Module) for several use cases:
...
Configure engineSignEncryptConfig.xml / signencrypt.xml
Do the Identity Manager HSM configuration in the file engineSignEncryptConfig.xml in the WEB-INF/classes folder for each of the relevant Identity Manager clients, i.e. IDM Admin and IDM Operator
...
.
In case of Docker deployment, the file docker/compose/identitymanager/config/signencrypt.xml needs to be edited instead
...
.
Note |
---|
All Identity Manager clients that use the same database must have the same keys and certificates configured in the XML. |
...
To avoid this, you have these options:
- Deploy each Identity Manager webapp on its own dedicated Tomcat instance (Docker deployments always work like this).

OR

- Remove all CMSDK JARs and all BouncyCastle JARs from all webapps' tomcat\<webapp>\WEB-INF\lib folders and place them in tomcat\libs instead (this ensures those JARs are served from the Tomcat common classloader for all webapps).
  - CMSDK JARs:
    - cmcommon*.jar
    - cmsdk-*.jar
    - common-*.jar
  - BouncyCastle JARs:
    - bcmail-*.jar
    - bcpgp-*.jar
    - bcpkix-*.jar
    - bcprov-*.jar (including bcprov-ext-*.jar)
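
One way to verify the second option after moving the JARs, as an added example that is not part of the product documentation: the script reports listed JARs still sitting in any webapp's WEB-INF/lib and listed patterns with no JAR in the shared folder. The function names, the sample file names and the folder layout passed to `audit` (webapps directly under the Tomcat folder, shared folder `libs`, as written above) are assumptions.

```python
import fnmatch
import tempfile
from pathlib import Path

# JAR name patterns exactly as listed on the page (bcprov-* also covers bcprov-ext-*).
SHARED_PATTERNS = [
    "cmcommon*.jar", "cmsdk-*.jar", "common-*.jar",                  # CMSDK
    "bcmail-*.jar", "bcpgp-*.jar", "bcpkix-*.jar", "bcprov-*.jar",   # BouncyCastle
]

def is_shared_jar(name):
    """True if a file name matches one of the listed patterns."""
    return any(fnmatch.fnmatch(name.lower(), p) for p in SHARED_PATTERNS)

def audit(tomcat_root, shared_lib):
    """Return (leftovers, missing) for one Tomcat instance.

    leftovers: listed JARs still present in some <webapp>/WEB-INF/lib
    missing:   listed patterns with no JAR in the shared folder (only a
               problem if a webapp actually shipped that JAR before)
    """
    root = Path(tomcat_root)
    leftovers = sorted(
        jar.relative_to(root).as_posix()
        for jar in root.glob("*/WEB-INF/lib/*.jar")
        if is_shared_jar(jar.name)
    )
    shared = [p.name.lower() for p in Path(shared_lib).glob("*.jar")]
    missing = [p for p in SHARED_PATTERNS if not fnmatch.filter(shared, p)]
    return leftovers, missing

def demo():
    """Run the audit on a constructed tree (all file names are made up)."""
    tree = {
        "admin/WEB-INF/lib": ["commons-lang3-3.12.0.jar"],                # cleaned up
        "operator/WEB-INF/lib": ["cmsdk-1.0.jar", "bcprov-ext-1.0.jar"],  # not yet
        "libs": ["cmcommon-1.0.jar", "cmsdk-1.0.jar", "common-1.0.jar",
                 "bcmail-1.0.jar", "bcpkix-1.0.jar", "bcprov-1.0.jar"],
    }
    with tempfile.TemporaryDirectory() as tmp:
        for folder, names in tree.items():
            Path(tmp, folder).mkdir(parents=True)
            for name in names:
                Path(tmp, folder, name).touch()
        return audit(tmp, Path(tmp, "libs"))

if __name__ == "__main__":
    left, miss = demo()
    print("still in WEB-INF/lib:", left)
    print("no match in shared folder:", miss)
```
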
Additional information