Comment: New article for IDM 5.0.0
| Info |
|---|
This article is new for Identity Manager 5.0.0. |
...
Attribute of the type element inside key | Description |
|---|
name | Type of storage: pkcs12or HSM. |
locationValue | For docker: For a software keystore (pkcs12): place the keystore under docker/compose/certs before creating the container with docker compose. Then set its location as absolute path, prefixed with file: pointing to the mounted file in/certs (inside the container), for example: locationValue="file:/certs/keystore.p12".
Default attestation keys are referenced from the classpath, for example, locationValue="classpath:attKeyMobileDef.p12". Change this only if you need your own keys. For an HSM: ensure the PKCS11 library is mounted into the container, then use the container’s path of the PKCS11 library, without filename extension, for example: locationValue="/usr/local/lib/libpkcs11hsm"
For WAR file deployment: For a software keystore: place the keystore under WEB-INF/classes and set its location, prefixed with classpath:, for example: locationValue="classpath:keystore.p12" For an HSM: use the path of the PKCS11 library, without filename extension, for example: locationValue="/usr/local/lib/libpkcs11hsm"
|
pin | PIN for the keystore or HSM. To avoid having clear text PINs in this file, the pin should be scrambled. That can be achieved by setting it with pin.encrypted="1234" instead of pin="1234". For WAR deployments the pin will then be scrambled on the next (re-)start of Tomcat. For docker deployments you need to scramble the pins with a dedicated tool while Identity Manager Admin/Identity Manager Operator containers are not running. After scrambling, the PIN will look something like pin="encrypted:someBase64EncodedValue". See Scramble sensitive data in Identity Manager files for detailed instructions. |
...
