| Info |
|---|
This article is valid for Smart ID 24.R1 and later. |
...
Encryption and decryption of fields in the Identity Manager database (descriptor “encryptedFields“)
Signing and verification of the object history (descriptor “objectHistorySigner“)
Signing , validation and encryption and validation of the configuration files (descriptor “configZipSigner“)
Encryption of the configuration files (descriptor “configZipEncrypter“)
Signing and encryption of emails (descriptor “signEmailDescriptor“) Does the engine really handle email encryption?
Creation of JWS signatures used for Smart ID messaging content provider API (descriptor “ContentProviderJWSSigner“)
Authentication of Smart ID Self-Service users to the Identity Manager backend (descriptor “SelfServiceJWTSigner“)
Decryption of PIN blobs from pre-personalized smart-cards created with the Personal Desktop Client
Attestation for provisioning to Smart ID Mobile / Desktop Apps (descriptors “att_*“)
| Note |
|---|
Different set of JAR files for Identity Manager in Smart ID 21.10 and later Certificate Manager SDK 8.4 and later (as used in IDM 21.10 and later) has a different set of JAR files compared to previous versions: cmcommon-x.y.z.jar => renamed to cm-common-x.y.z.jar See also the section "Configure Tomcat" below. |
...
To avoid this, you have these options:
Deploy each Identity Manager webapp on its own dedicated Tomcat instance (Docker deployments always work like this).
OR
Remove all CMSDK JARs and all BouncyCastle JARs from all webapps' tomcat\<webapp>\WEB-INF\lib folders and place them in tomcat\libs instead (this ensures those JARs are served from the Tomcat common classloader for all webapps).
CMSDK JARs:
cmcommon*.jar
cmsdk-*.jar
common-*.jar
BouncyCastle JARs:
bcmail-*.jar
bcpgp-*.jar
bcpkix-*.jar
bcprov-*.jar (including bcprov-ext-*.jar)
Additional information
| Expand | ||
|---|---|---|
| ||