
TODO: new content explaining the new dev/test tooling for WAR and Docker deployments; see also https://confluence.nexusgroup.com/pages/viewpage.action?pageId=211419460

Info

This article is valid for Smart ID Identity Manager 24.R1.

Tomcat deployments

xy

(Note: bootstrapping should be done on IDM Operator; the resulting files are then copied over to IDM Admin and optionally pruned of the files and entries that IDM Admin does not need.)

Info

This article is new for Identity Manager 5.0.1.

For development and test environments, test keys and certificates for all default descriptors can be generated with the IDM bootstrap.zip package (Tomcat) or the bootstrap Docker container (Docker). These are test credentials only and must not be used in a production deployment.

The bootstrap CA certificate generated by the procedure below has a validity of 20 years; each end-entity certificate is valid for one year, so a test environment that is kept for longer than a year needs its end-entity certificates regenerated.
The generated PIN of every P12 file is automatically scrambled; use the password list option described below if you need the plain-text values.
No keys and certificates are generated for descriptors that are absent from the sign/encrypt configuration (engineSignEncryptConfig.xml in a Tomcat deployment, signencrypt.xml in the Docker bootstrap container).

For Tomcat development or test deployment

Requirements

  • Tomcat not started

  • Tomcat folder containing the unpacked IDM Operator and IDM Admin of IDM 5.0.0 or later, on Linux or Windows

  • unpacked bootstrapping.zip for the respective IDM release

Instructions

  1. Open a command-line window.

  2. Change to the unpacked bootstrap folder containing create_sign_encrypt_certs.sh (Linux) or create_sign_encrypt_certs.bat (Windows).

  3. Execute the respective script for your OS, pointing --targetDir at the IDM Operator classes directory:

    1. Linux: ./create_sign_encrypt_certs.sh --targetDir /PATH/TO/TOMCAT/webapps/idm-operator/WEB-INF/classes [OPTIONAL ARGS]

    2. Windows: create_sign_encrypt_certs.bat --targetDir C:\PATH\TO\TOMCAT\webapps\idm-operator\WEB-INF\classes [OPTIONAL ARGS]

      Execute the script without any parameters to see all supported arguments. If you need the plain-text passwords of the generated P12 files, add the --passwordList argument; the resulting file contains the unscrambled PINs, so keep it out of version control and delete it once the passwords have been recorded:

      create_sign_encrypt_certs.bat / create_sign_encrypt_certs.sh
            --caDir <dir>           CA cert directory - absolute or relative to
                                    bootstrapping directory (default: cacerts)
            --configFile <file>     config to modify - absolute or relative to
                                    target directory (default:
                                    engineSignEncryptConfig.xml)
            --passwordList <file>   optionally create file which lists unscrambled
                                    passwords - absolute or relative to target
                                    directory (will overwrite existing)
            --targetDir <dir>       target directory for certificates - absolute
                                    or relative to current directory

  4. Copy all P12 files and engineSignEncryptConfig.xml from idm-operator/WEB-INF/classes to idm-admin/WEB-INF/classes. Optionally, prune the files and XML entries that IDM Admin does not need.
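As an added example for step 4 (this is not part of the IDM bootstrap package or its scripts), the following POSIX shell helper copies only the artefacts that create_sign_encrypt_certs produced, the configuration file and the P12 keystores next to it, from the IDM Operator classes directory into the IDM Admin classes directory. It leaves every other file in WEB-INF/classes alone and refuses to overwrite an existing keystore unless explicitly told to. The function names and the optional third argument are assumptions of this example; the configuration file name is the script's documented default.

```shell
#!/bin/sh
# Added example, not part of the IDM bootstrap package or its scripts.
# Copies the artefacts produced by create_sign_encrypt_certs.{sh,bat}
# (engineSignEncryptConfig.xml plus every *.p12 next to it) from the
# IDM Operator classes directory to the IDM Admin classes directory.
# Nothing else in WEB-INF/classes is copied, and an existing keystore in
# the target is never overwritten unless the third argument is "force".
# Run it with Tomcat stopped, as the procedure above requires.

CONFIG_FILE="engineSignEncryptConfig.xml"   # default name from --configFile

# copy_signencrypt_to_admin <operator classes dir> <admin classes dir> [force]
# Returns 0 when everything was copied, 1 on a missing source, a missing
# config file, no P12 files, or a clash with an existing target file.
copy_signencrypt_to_admin() {
    src="$1"
    dst="$2"
    mode="${3:-}"

    [ -d "$src" ] || { echo "source directory missing: $src" >&2; return 1; }
    [ -d "$dst" ] || { echo "target directory missing: $dst" >&2; return 1; }
    [ -f "$src/$CONFIG_FILE" ] || {
        echo "$CONFIG_FILE not found in $src (run create_sign_encrypt_certs first)" >&2
        return 1
    }

    # Build the file list: the config plus every P12 in the same directory.
    set -- "$src/$CONFIG_FILE"
    for f in "$src"/*.p12; do
        [ -f "$f" ] && set -- "$@" "$f"
    done
    [ $# -gt 1 ] || { echo "no P12 files in $src" >&2; return 1; }

    # Refuse to clobber an existing keystore or config unless forced.
    if [ "$mode" != "force" ]; then
        for f in "$@"; do
            if [ -e "$dst/$(basename "$f")" ]; then
                echo "refusing to overwrite $dst/$(basename "$f") (pass 'force')" >&2
                return 1
            fi
        done
    fi

    for f in "$@"; do
        cp -p "$f" "$dst/" || return 1
        echo "copied $(basename "$f")"
    done
    return 0
}

# count_p12 <dir>: prints the number of *.p12 files directly in <dir>,
# handy for checking the result after the copy.
count_p12() {
    n=0
    for f in "$1"/*.p12; do
        [ -f "$f" ] && n=$((n + 1))
    done
    echo "$n"
}

# Usage (paths are placeholders):
#   copy_signencrypt_to_admin /PATH/TO/TOMCAT/webapps/idm-operator/WEB-INF/classes \
#                             /PATH/TO/TOMCAT/webapps/idm-admin/WEB-INF/classes
```

Pruning for IDM Admin is still a manual step afterwards: delete the keystores it does not need from idm-admin/WEB-INF/classes and remove the matching entries from its copy of engineSignEncryptConfig.xml, so that IDM Admin never holds private keys it has no use for.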

For docker development or test deployment

Requirements

  • An unpacked SmartID package for the respective IDM release on a Linux/WSL docker host

  • No container started

Instructions

  1. Open the smartid/docker/compose folder.

  2. Prepare the files init-smartid.env and smartid.env according to the deployment documentation.
    If you need the plain-text passwords of the generated P12 files, edit smartid/docker/compose/identitymanager/bootstrap/docker-compose.yml and, within the create_sign_encrypt_certs section, replace
    command: ["-configFile", "/usr/local/tools/config/signencrypt.xml", "-targetDir", "/usr/local/tools/certs"]
    with
    command: ["-configFile", "/usr/local/tools/config/signencrypt.xml", "-targetDir", "/usr/local/tools/certs", "-passwordList", "pwlist.txt"]
    The bootstrap then writes the file smartid/docker/compose/certs/pwlist.txt. It contains the unscrambled P12 PINs in plain text, so remove it after recording the passwords and never commit it.

  3. Execute the init script: ./init-smartid.sh, which guides you through the process, including bootstrapping.
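As an added example (not part of the Smart ID package or its init script), the following POSIX shell helpers toggle the -passwordList argument on the create_sign_encrypt_certs command line quoted in step 2, so the edit does not have to be made by hand, and remove pwlist.txt again once the passwords have been read. The function names are assumptions of this example; the command line and the certs directory are the ones given in the instructions above, and the compose file used in the usage below is a constructed minimal stand-in for the real docker-compose.yml.

```shell
#!/bin/sh
# Added example, not part of the Smart ID package. Toggles the optional
# -passwordList argument on the create_sign_encrypt_certs command line in
# the bootstrap container's docker-compose.yml. The edit is idempotent and
# only touches the exact command line quoted in the instructions.
# pwlist.txt holds the unscrambled P12 PINs in plain text: delete it from
# smartid/docker/compose/certs as soon as the passwords are recorded.

CERTS_ARG='"-targetDir", "/usr/local/tools/certs"'
PWLIST_ARGS='"-passwordList", "pwlist.txt"'

# has_password_list <compose file>: 0 if the -passwordList argument is present.
has_password_list() {
    grep -qF -- "$PWLIST_ARGS" "$1"
}

# _rewrite <compose file> <sed expression>: edit in place via a temp file
# (portable between GNU and BSD sed, unlike sed -i).
_rewrite() {
    sed "$2" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# enable_password_list <compose file>
# Returns 0 when the file contains the argument afterwards, 1 if the
# expected command line was not found.
enable_password_list() {
    file="$1"
    [ -f "$file" ] || { echo "missing $file" >&2; return 1; }
    has_password_list "$file" && return 0
    grep -qF -- "${CERTS_ARG}]" "$file" || {
        echo "create_sign_encrypt_certs command line not found in $file" >&2
        return 1
    }
    # Append the two arguments just before the closing bracket of the list.
    _rewrite "$file" "s|${CERTS_ARG}]|${CERTS_ARG}, ${PWLIST_ARGS}]|" \
        && has_password_list "$file"
}

# disable_password_list <compose file>: removes the argument again, so a
# later init does not silently write another plain-text password file.
disable_password_list() {
    file="$1"
    has_password_list "$file" || return 0
    _rewrite "$file" "s|, ${PWLIST_ARGS}||" && ! has_password_list "$file"
}

# remove_password_list_file <certs dir>: deletes pwlist.txt once it has
# been read; returns 0 only if the file is gone afterwards.
remove_password_list_file() {
    rm -f "$1/pwlist.txt"
    [ ! -e "$1/pwlist.txt" ]
}

# Usage (a constructed stand-in for the real compose file, for illustration):
#   printf '%s\n' 'services:' '  create_sign_encrypt_certs:' \
#     '    command: ["-configFile", "/usr/local/tools/config/signencrypt.xml", "-targetDir", "/usr/local/tools/certs"]' \
#     > docker-compose.yml
#   enable_password_list docker-compose.yml   # then run ./init-smartid.sh
#   remove_password_list_file smartid/docker/compose/certs
#   disable_password_list docker-compose.yml
```

Run enable_password_list before ./init-smartid.sh, record the PINs from smartid/docker/compose/certs/pwlist.txt, then call remove_password_list_file and disable_password_list so that neither the plain-text file nor the option that produces it outlives the bootstrap.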

Additional information

Useful links