Document toolboxDocument toolbox

Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Migrate from SmartACT to Identity Manager

Owned by Karolin Hemmingsson (Unlicensed)
Last updated: Jan 18, 2024 by Ylva AnderssonVersion comment
8 min read

This article describes how to migrate from SmartACT to Smart ID Identity Manager.

This is a summary of what must be in place before the migration starts. More information is found in the article.

  • Java 8 Runtime is installed

  • JRE_HOME is set as environmental variable

  • java-security-policy-fix is recorded

  • Databases are correctly registered in database.properties

  • Run Data Encryption Certificate is provided and configured in encryption-config.xml

  • Personalization is done correctly in migrate_persons.properties

  • Configuration for cards/tokens is correct in migrate_cards.properties

  • Certificates configuration is correct in migrate_certificates.properties (PKI only Card management)

  • Smart ID configurations (for example, Base, Physical ID, DIgital ID) in the latest version are available

Step-by-step instruction

Preparation

  1. Install the current version of Java Runtime Environment (JRE).

  2. Set JRE_HOME to the installation directory of java jre
    (for example: C:\Program Files\Java\jre1.8.0_161\bin)

  3. Import the java-security-policy-fix for the installed Java version. The jce-policy-8.zip is provided with the migration package.

  4. Unpack the migration package of delivery in a directory of your choice.



  1. Go to the specified migration directory.

  2. In the file database.properties specify the attributes HOST_NAME, DB_PORT, DB_NAME, USER_NAME and USER_PASSWORD for SmartACT and Identity Manager. The properties inside database.properties match those, described in PRIME installation.

    SmartACT database

    ### SmartACT Database smartAct.jdbcUrl=jdbc:sqlserver://<HOST_NAME>:<DB_PORT>;databaseName=<DB_NAME>;AUTO_SERVER=TRUE #smartAct.jdbcUrl=jdbc:sqlserver://<HOST_NAME>:<DB_PORT>;databaseName=<DB_NAME>;instance=<INSTANCE_NAME>;AUTO_SERVER=TRUE - verwendet für SQLEXPRESS Datenbank-Server smartAct.user=<USER_NAME> smartAct.password=<USER_PASSWORD>



    Identity Manager database

    ### PRIME Database prime.jdbcUrl=jdbc:sqlserver://<HOST_NAME>:<DB_PORT>;databaseName=<DB_NAME>;AUTO_SERVER=TRUE #prime.jdbcUrl=jdbc:sqlserver://<HOST_NAME>:<DB_PORT>;instance=<INSTANCE_NAME>;databaseName=<DB_NAME>;AUTO_SERVER=TRUE - verwendet für SQLEXPRESS Datenbank-Server prime.user=<USER_NAME> prime.password=<USER_PASSWORD> ...



You must have read/write rights of the SQL users on the databases.





  1. Make sure that the certificate for encrypting run data in SmartACT (idexpertcert02.p12) is stored in the directory config. The migration tools contains this certificate, if it is not supplied by you.

  2. Open the file encryption-config.xml and check if the value of the attribute pin under the key idexpertcert02 is correct, otherwise set the value:

    encryption-config.xml

    ... <keys> <key name="idexpertcert02"> <type name="pkcs12" locationValue="config/idexpertcert02.p12" pin="XXXX"/> </key> </keys> ...



Configure migration - general

The configuration is done in the migrate_general.properties file, which is structured as follows.



Atribute

Value

Importance

Atribute

Value

Importance

abortOnError

true/false

  • If true, the migration aborts (this is the default value).

  • If false, the migration continues despite errors.

printReport

true/false

  • If true, the migration saves a migration summary of the migrated tenants and their run data (this is the default value).

  • If false, there is no migration overview.

printDetailReport

true/false

  • If false, the migration does not write any details regarding the deviation of run data between SmartACT and Identity Manager (this is the default value).

  • If true, the migration writes details about the deviation of run data (status and number) in the migration overview.

prime.username



Name of the administrator of the respective tenant.

prime.userpassword



The administrator's password.

prime.tenantId



Tenant ID



Configure migration - persons

The configuration is done in the migrate_persons.properties file, which is structured as follows.









Configure migration - cards

The configuration is done in the migrate_cards.properties file, which is structured as follows.





















Configure migration - certificates

The configuration is done in the migrate_certificates.properties file, which is structured as follows.













Start migration

To start the migration:

  • run the batch file start_migration.bat on Windows
     or

  • run the shell script start_migration.sh on Linux/Unix.

Under Unix/Linux, give the shell scripts the correct rights using chmod.











Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions