...

1. Install the HSM PKCS#11 middleware on the Identity Manager server. The PKCS#11 DLL/.so file will later be referenced in the Identity Manager configuration.

2. Install or create a signing and encryption certificate on the HSM as needed - depending on your use cases. Alias, slot and PIN will be required in the configuration to access these certificates.

...

1. To avoid this, you have these options:

   1. Deploy each Identity Manager webapp on its own dedicated Tomcat instance (Docker deployments always work like this).

      OR

   2. Remove all CMSDK JARs and all BouncyCastle JARs from all webapps' tomcat\<webapp>\WEB-INF\lib folders and place them in tomcat\libs instead (this ensures those JARs are served from the Tomcat common classloader for all webapps).

      1. CMSDK JARs:

         • cmcommon*.jar

         • cmsdk-*.jar

         • common-*.jar

      2. BouncyCastle JARs:

         • bcmail-*.jar

         • bcpgp-*.jar

         • bcpkix-*.jar

         • bcprov-*.jar (including bcprov-ext-*.jar)

Additional information