Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-14324

We need to be able to run Jetty.xml from a Project directory



    • Target Version/s:
    • Verified Version/s:
    • Story Points:
    • Sprint:
      2020.04 - IDM
    • Support Ticket IDs:
    • Zendesk ID:


      Customer has harden their servers using HSM.  Customer wants to run his entire project in a separate directory and remove any conf information from the openidm default install path.  Customer wants to have


      ├── openidm/
      │ ├── bin
      │ ├── bundle
      │ ├── cli.sh

        ── script
        ── connectors
        ── legal-notices
        ── lib
        ── resolver
        ── getting-started.sh
        ── startup.sh
      └── shutdown.sh

      └── cams/


      Directory structure, with conf existing only in the cams directory.  The problem here is that due to how we call the keystore location, we need to have a conf directory underneath openidm (default path to conf/jetty.xml).  Per conversation with Dev:

      The jetty.xml reads the keystore settings from the Param class in IDM. It automatically sets the keystore type and other keystore settings. I think we did some trickery with the keystore location for jetty since jetty complains if you provide it a location that is not a file.Yeah the trickery is this

           * Gets the keystore location.
           * @return the keystore location, as absolute path, or if the path is NONE, return the jetty.xml file location.
          public static String getKeystoreLocation() {
              final String path = getProperty(KEYSTORE_LOCATION);
              if (path != null && NONE.equalsIgnoreCase(path)) {
                  return IdentityServer.getFileForInstallPath(JETTY_CONF_LOCATION).getAbsolutePath();
              return getPathProperty(KEYSTORE_LOCATION);

      So if it is PKCS11 (NONE.equalsIgnoreCase(path)) we set the jetty file location to the install_path/conf/jetty.xml. This is probably why you are seeing the failure. If they moved the jetty.xml file outside of the install path then that would fail to resolve to an actual file and jetty will complain.I think we should have used getFileForProjectPath() instead of getFileForInstallPath

      Workaround(customer testing this):
      You can easily fix/test this though. Open the jetty.xml and for these 2 entries change the keystorePath and trustStore path to any file that exists on the file system


      For example {{<Set name="keyStorePath">my_file_that_exists</Set> }} something like that. Just remember the file has to exist Jetty won't use it for pkcs11, but it has to exist





            ramya.srinivassan Ramya Srinivassan
            jesse.ontiveros Jesse Ontiveros
            0 Vote for this issue
            4 Start watching this issue