This article is valid from Nexus PRIME 3.9.

To install Java on the Identity Manager server:

1. Download and install Oracle Java JRE (or JDK) according to https://java.com/.
   For information on the supported Java versions, see Identity Manager requirements IDM 23.10.3 - Requirements and interoperability.
   Keep the default installation path, since it is needed again for the Tomcat installation.

   Note
   If you get prompted to remove old Java installations, do not do that until you have installed Identity Manager with the latest Java update, and know that it works.

   
   

2. To set the cryptographic policy of Java, edit the policy settings:

   1. Open the file <java-home>/lib/security/java.security for editing.

   2. Uncomment the following line, to allow use of the included policy files:

      Code Block
      title Example: crypto.policy
      crypto.policy=unlimited

      
      

   3. Save and close the file.

      Note
      Identity Manager default settings require use of the unlimited policy files, to allow Identity Manager to use strong encryption algorithms and key sizes. Due to national regulations in some countries Java is shipped by default with a restricted setup. If the national regulations does not allow to use this policy, the encryption and signing settings in Identity Manager need to be changed.

      
      

      Note
      For older Java installations, previous to Java 8 Update 151, the policy files are not included in the default installation. In that case, you must download and install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction policy files, according to: http://www.oracle.com/technetwork/java/javase/downloads/index.html

      
      

To configure memory settings and start up Tomcat:

1. Open the Tomcat Properties either via the System Tray, by clicking Configure or via Configure Tomcat in the Apache Tomcat program group in the windows start menu.
2. Go to the Java tab.

3. In order to obtain the best possible performance from the Tomcat service, and therefore the Identity Manager applications, enter values for the following parameters. Consider the Notes on memory sizes below when choosing the values:

   Parameter	Example value	Corresponding Java option
   Initial Memory pool	512 MB	Xms
   Maximum Memory pool	2048 MB	Xmx
   Thread stack size	2048 KB	Xss

   
   

   Note
   title Notes on memory sizes
   The Initial Memory pool value can vary significantly depending on the requirements in the projects and the expected load on the Application server. Consider how many background processes are running and how many concurrent users are expected in the Identity Manager clients, as well as how many sub systems will be connected to Identity Manager. The Maximum Memory pool value should be aligned to the available memory on the Server, reserving some memory for OS background processes. Experiences in projects show that a good balance between Xms and Xmx is 1:4. This may also vary according specific project requirements. If you use Java 32-Bit, keep in mind that the Xmx must be less than 1500 MB. If the Tomcat service does not start up, there may not be enough free memory available. In this case, the values must be reduced. Details can also be found in the Tomcat log files. Additional configuration settings are required for Tomcat for certain functions. These are, for example: SSL/TLS configuration for HTTPS connections For more information, see Configure https HTTPS for Tomcat. Certificate-based login for Identity Manager clients For more information, see Set up certificate-based login to Identity Manager.

   
   

4. Go to the General tab. Verify the information and set Startup type to Automatic. Click Start.

5. The Tomcat server is started and unzips the .war files into the new folders:
   - prime_designer
   - prime_explorer
   - prime_tenant
   - ussp
   
   This process usually takes a few minutes.

6. When the program files have been installed, stop Tomcat again to configure the database connection:
   In the General tab, click Stop.