Info |
---|
This article includes updates for Smart ID Identity Manager 24.R1. |
...
For more information, see Configure Tomcat below.
Prerequisites
Installed Smart ID 24.R1 or later
Installed and running HSM with PKCS#11 library available on the Identity Manager server
...
Create a new folder for it and add the folder to the PATH or copy it to your C:\Windows\System32 folder.
Docker deployment
For Docker deployment, libjpkcs11 must be placed on the Docker host and then mounted into the respective containers.
Add a volume mount to docker/compose/identitymanager/admin/docker-compose.yml and docker/compose/identitymanager/operator/docker-compose.yml. In the example below, libjpkcs11_x64-3.6.3.1.so (version number may vary) is placed into the docker/compose/identitymanager/config/ folder, which is then mounted read-only into the container’s Tomcat folder for native libs as libjpkcs11.so.
```yaml
volumes:
  - "../config/libjpkcs11_x64-3.6.3.1.so:/usr/local/tomcat/native-jni-lib/libjpkcs11.so:ro"
```
...
Perform the Identity Manager HSM configuration in the file engineSignEncryptConfig.xml in the WEB-INF/classes folder for each of the relevant Identity Manager clients. In case of Docker deployment, edit the file docker/compose/identitymanager/config/signencrypt.xml.
Note |
---|
All Identity Manager clients that use the same database must have the same keys and certificates configured in the XML. |
...
To avoid this, deploy each Identity Manager web app on its own dedicated Tomcat instance (Docker deployments always work like this) or remove all CMSDK JARs and all BouncyCastle JARs from all webapps' tomcat\<webapp>\WEB-INF\lib folders and place them in tomcat\libs instead. This ensures that the JARs are served from the Tomcat common classloader for all web apps.
CMSDK JARs:
cmcommon*.jar
cmsdk-*.jar
common-*.jar
BouncyCastle JARs:
bcmail-*.jar
bcpgp-*.jar
bcpkix-*.jar
bcprov-*.jar (including bcprov-ext-*.jar)
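A read-only check for the JAR relocation described above, added here as an example and not part of the product or its documentation: it reports which web apps still carry the listed JARs and which of those are not yet in the common folder. It assumes a `webapps/<webapp>/WEB-INF/lib` layout and takes both folder paths as parameters; the web app and JAR names in `demo()` are constructed sample data.

```python
import fnmatch
import tempfile
from pathlib import Path

# JAR name patterns listed on this page (bcprov-*.jar also covers bcprov-ext-*.jar).
PATTERNS = ["cmcommon*.jar", "cmsdk-*.jar", "common-*.jar",
            "bcmail-*.jar", "bcpgp-*.jar", "bcpkix-*.jar", "bcprov-*.jar"]

def is_listed_jar(name):
    """True if the file name matches a CMSDK or BouncyCastle pattern."""
    return any(fnmatch.fnmatchcase(name.lower(), p) for p in PATTERNS)

def listed_jars(folder):
    """Sorted names of the listed JARs in one folder (empty if it is missing)."""
    files = Path(folder).iterdir() if Path(folder).is_dir() else []
    return sorted(f.name for f in files if is_listed_jar(f.name))

def audit(webapps_dir, common_lib_dir):
    """Find listed JARs still inside web apps and compare with the common folder."""
    leftovers = {}
    for lib in sorted(Path(webapps_dir).glob("*/WEB-INF/lib")):
        found = listed_jars(lib)
        if found:
            leftovers[lib.parent.parent.name] = found
    common = listed_jars(common_lib_dir)
    in_webapps = {jar for jars in leftovers.values() for jar in jars}
    return {
        "leftovers": leftovers,  # still loaded by a web app's own classloader
        "common": common,        # served by the common classloader
        # Copy these to the common folder before deleting them from the web apps.
        "not_in_common": sorted(in_webapps - set(common)),
    }

def demo():
    """Run the audit on a constructed tree (all names below are sample data)."""
    with tempfile.TemporaryDirectory() as root:
        layout = {
            "webapps/idm_admin/WEB-INF/lib": ["cmsdk-1.0.jar", "bcprov-ext-1.0.jar", "commons-io-1.0.jar"],
            "webapps/idm_operator/WEB-INF/lib": ["spring-core-1.0.jar"],
            "common": ["bcprov-ext-1.0.jar", "bcpkix-1.0.jar"],
        }
        for folder, names in layout.items():
            (Path(root) / folder).mkdir(parents=True)
            for name in names:
                (Path(root) / folder / name).touch()
        return audit(Path(root) / "webapps", Path(root) / "common")

if __name__ == "__main__":
    print(demo())
```

An empty `leftovers` result means no web app ships its own copy of the listed JARs any more.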
Additional information