Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Comment: Remember to update to the correct version when it is time to publish externally.

Info

This article is valid for Smart ID Identity Manager 24.R1 or later.

...

Info

Significant changes for Identity Manager 24.R1

  • PKCS#12 files containing demo keys are no longer included to avoid them ending up in production environments.

  • Various checks are introduced. For more informatio, see Sign and Encrypt engine bootstrap verification:

    • The old demo keys are explicitly blacklisted and Identity Manager will print an error log message, if any of those is encountered on startup of Identity Manager Operator and Identity Manager Admin.

    • Identity Manager Admin and Identity Manager Operator will no longer start without bootstrapping, as most descriptors have missing keys/certs by default.

    • Identity Manager Admin and Identity Manager Operator check on startup whether the configured key for encrypted fields matches the database and will abort if that is not the case.

    • Identity Manager Operator checks on startup if the currently configured key for history signing matches the database and will abort if that is not the case.

  • Bootstrap CA/certificate/key generation tooling has been refined, it now works properly on Docker and is limited to development or test use (see Bootstrapping development and test systems).
    For production environments manual bootstrapping via Certificate Authorities is required. For more information, see Bootstrapping production Systems for details.

  • Pin scrambling of signencrypt.xml now works in Docker deployments via dedicated tooling. See Scramble sensitive data in Identity Manager files.

  • Each descriptor now references its own key by default, instead of for example, ZIP signing and history signing sharing the same key.

...