Comment: This article is new for Smart ID Identity Manager 24.R1.
Info |
---|
This article includes updates for Smart ID Identity Manager 24.R1. |
...
Generates dummy certificates for transient key pairs that are created on a target device when provisioning Smart ID Mobile/Desktop App profiles (the certificates themselves are merely used as a transport container for the key-usage parameter).
Required
Configured in the following application
...
Info |
---|
Descriptor included in default configuration. Correct bootstrapping is required for productive use. Only dev- and test systems may use placeholders (for example created with bootstrap.zip package or the corresponding Docker container). |
...
Use-case
...
Authentication of Smart ID Self-Service users to the Identity Manager backend
...
Configured in the following applications
Identity Manager Operator
Storage
storage: pkcs12, HSM (recommended)
versioning: possible
pkcs12
Versioning
Possible, but unnecessary.
...
General requirements
...
- Placeholder keys forbidden for productive use
- Even if Smart ID Self-Service is not deployed, the related REST endpoints could face the risk of unauthenticated access
Key requirements
...
...
Supported types
...
RSA 2048
RSA 3072
RSA 4096 (recommended)
Certificate requirements
...
- May be self-signed
- Validity is ignored
- Key usage is not checked (recommended for informational purposes: set digitalSignature)
- Certificate does not need to be trusted
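The key and certificate requirements above, as an added example built from generic OpenSSL commands (it is not part of the Identity Manager documentation or its bootstrapping tooling): it creates an RSA key with a self-signed certificate carrying digitalSignature, stores both as PKCS#12, and checks the key size against the supported types. The file names, the subject, the alias `signer` and the `P12_PASS` environment variable are assumptions; importing the file into Identity Manager is product-specific and not shown.

```shell
#!/bin/sh
# Added example: generic OpenSSL usage, not the product's bootstrapping tooling.
# Assumptions: file names, subject, alias "signer", password in $P12_PASS.

# Create an RSA key plus self-signed certificate and bundle them as PKCS#12.
# $1 = output directory, $2 = RSA key size (default 4096, the recommended type)
make_signer_p12() (
  umask 077                              # new files readable by owner only
  dir=$1
  bits=${2:-4096}
  openssl req -x509 -newkey "rsa:$bits" -nodes \
    -keyout "$dir/signer.key" -out "$dir/signer.crt" \
    -subj "/CN=example-signer" -days 365 \
    -addext "keyUsage=critical,digitalSignature" 2>/dev/null || exit 1
  openssl pkcs12 -export -inkey "$dir/signer.key" -in "$dir/signer.crt" \
    -name signer -out "$dir/signer.p12" -passout env:P12_PASS || exit 1
  rm -f "$dir/signer.key"                # private key now lives only in the .p12
)

# Print the RSA key size in bits of the certificate inside a PKCS#12 file.
# Prints nothing if the file cannot be read or the key is not RSA.
p12_rsa_bits() {
  openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null |
    openssl x509 -noout -text 2>/dev/null |
    awk '/Public Key Algorithm: rsaEncryption/ { rsa = 1 }
         rsa && /Public-Key: \(/ { gsub(/[^0-9]/, ""); print; exit }'
}

# Succeed only for the supported types listed above: RSA 2048, 3072 or 4096.
check_signer_p12() {
  case "$(p12_rsa_bits "$1")" in
    2048|3072|4096) return 0 ;;
    *) return 1 ;;
  esac
}
```

Export `P12_PASS` from a secret store or prompt rather than typing it on the command line, then call `make_signer_p12 <dir>` followed by `check_signer_p12 <dir>/signer.p12`.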
ContentProviderJWSSigner
Info |
---|
Descriptor included in default configuration. Correct bootstrapping may be required for productive use, depending on the use-case. Dev- and test systems may use placeholders (for example created with bootstrap.zip package or the corresponding Docker container). |
...