The configuration of Smart ID Identity Manager (PRIME) is defined with Identity Manager Admin (PRIME Designer) and then synchronized to the installation where Identity Manager main client operator UI (PRIME Explorer) is running.
To detect any modification of the configuration file on the transport path, the file can be signed. The signature is verified when the configuration is read into the target system.
The keys and certificates used for signing and verification are configured in the encrypt and sign engine's configuration, in engineSignEncryptConfig.xml. The certificate used for signing and verifying the configuration file is specified in the key referenced by the descriptor "ConfigZipSigner". Read more in this article: Sign and encrypt engine in Identity Manager.
Also, read more in Transfer configuration to Smart ID Identity Manager.
The "ConfigZipSigner" descriptor of the sign and encrypt engine must be configured.
The settings described here are configured in system.properties, which is located in:
- webapps/<ID_MANAGER_ADMIN-DIRECTORY>/WEB-INF/classes/ respective
The format used to sign the configuration is that of a signed JAR. What constitutes a valid signature in this case is described below.
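To illustrate the signed-JAR layout, here is an added Python example (not code from Identity Manager or its vendor) that pre-checks an archive before import: it reports whether a signature file and signature block are present, and which entries are missing from the manifest or no longer match their recorded digest. It relies only on the general JAR signing format; the function names and the sample archive are constructed for this example, and it does not verify the cryptographic signature or the certificate, which remains the job of the product's own verification or `jarsigner -verify`.

```python
import base64, hashlib, io, zipfile

def parse_manifest(text):
    """Map entry name -> attributes for the per-entry sections of a JAR manifest."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuation lines
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(ln.split(": ", 1) for ln in section.split("\n") if ": " in ln)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def precheck(data):
    """Structural pre-check only: does NOT verify the signature block or certificate."""
    zf = zipfile.ZipFile(io.BytesIO(data))
    names = [n for n in zf.namelist() if not n.endswith("/")]
    meta = {n for n in names if n.upper().startswith("META-INF/")}
    report = {"signature_file": any(n.upper().endswith(".SF") for n in meta),
              "signature_block": any(n.upper().endswith((".RSA", ".DSA", ".EC")) for n in meta),
              "unlisted": [], "mismatch": []}
    raw = zf.read("META-INF/MANIFEST.MF").decode("utf-8") if "META-INF/MANIFEST.MF" in meta else ""
    manifest = parse_manifest(raw)
    for name in sorted(set(names) - meta):
        digests = {k[:-7].replace("-", "").lower(): v  # "SHA-256-Digest" -> "sha256"
                   for k, v in manifest.get(name, {}).items() if k.endswith("-Digest")}
        usable = {a: v for a, v in digests.items() if a in hashlib.algorithms_available}
        if not usable:
            report["unlisted"].append(name)  # added after signing, or never covered
        elif any(base64.b64encode(hashlib.new(a, zf.read(name)).digest()).decode() != v
                 for a, v in usable.items()):
            report["mismatch"].append(name)  # content differs from the signed digest
    return report

def build_sample(tamper=False):
    """Constructed sample archive; .SF/.RSA bodies are placeholders, not real signatures."""
    files = {"config/core.xml": b"<core/>", "config/forms.xml": b"<forms/>"}
    mf = "Manifest-Version: 1.0\r\n\r\n"
    for name, body in files.items():
        digest = base64.b64encode(hashlib.sha256(body).digest()).decode()
        mf += "Name: %s\r\nSHA-256-Digest: %s\r\n\r\n" % (name, digest)
    if tamper:  # change one signed entry and add one the manifest does not list
        files.update({"config/core.xml": b"<core changed='1'/>", "config/extra.xml": b"<extra/>"})
    meta = {"META-INF/MANIFEST.MF": mf.encode(), "META-INF/SIGNER.SF": b"placeholder",
            "META-INF/SIGNER.RSA": b"placeholder"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in {**meta, **files}.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

A non-empty `unlisted` or `mismatch` list means the archive was changed after the manifest was written, so it should be rejected before any signature check is attempted.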
You can configure the Identity Manager main client and Identity Manager Admin to sign the configuration when it is exported. By default, signing is enabled.
To explicitly enable or disable the signing of the configuration:
Validation of the configuration consists of the following checks:
You can enable or disable the verification of the configuration when it is imported by the Identity Manager main client and Identity Manager Admin.
You can configure whether the Identity Manager main client and Identity Manager Admin will allow importing a configuration based on the results of the validation.
To configure in what way a configuration can be uploaded:
For experts only: under very special circumstances it may be useful to remove the signature of the configuration file, thus making the configuration unsigned.
As described, the behavior regarding signing, validation and upload of the configuration can be adapted to your needs by editing the file system.properties. Keeping these features enabled is strongly recommended. Here's a summary of the relevant recommended settings that were described above: