The Java for DirX Identity

Many essential DirX Identity components are implemented in Java. Therefore, at least one Java installation is required for using the product.

The Java for DirX Identity is Java 11, which is used by the core components of DirX Identity, such as Java-based servers, DirX Identity Manager and the Configuration utility.

Some DirX Identity components require deployment into an external Tomcat which runs with Java 11. The Java instance used by that Tomcat depends on the related Tomcat configuration.

In contrast to previous releases, this version needs an external Java installation and does not provide any embedded Java environment.

The advantages of a customer-supplied Java installation include:

  • The external Tomcat for DirX Identity applications can be configured so that they use this Java installation, too.

  • The installation can also be used for internet browser or browser applications.

  • Updating the Java installation is straightforward, with an official update package for the appropriate version. See the section “Security Updates for a Customer-supplied Java Runtime Environment“ for details.

Requirements Regarding the Java for DirX Identity

A customer-supplied Java must satisfy the following requirements to be selectable as the Java for DirX Identity:

  • The product must be an implementation of the Java Platform, Standard Edition (Java SE).

  • The related version number must be 11.0.xx.

  • The product must be a 64-bit distribution.

  • The distribution must be TCK tested (Technology Compatibility Kit for Java).

Supported Java products are for example:

  • Oracle Java SE 11 (LTS)

Security Updates for the Java for DirX Identity

Adoptium Eclipse Temurin JDK-11 This section describes how to perform security updates for the Java for DirX Identity.

Security Updates for a Customer-supplied Java Runtime Environment

This Java environment can only be updated with an official, downloadable update for the appropriate version (for example 11.0.xx), using the related standard method.

You must download the appropriate 64-bit patch.

General procedure:

  • Stop all DirX Identity services and close all DirX Identity programs.

  • If the file dxi_java_home/lib/security/cacerts contains own certificates, create a backup copy of that file so that it is outside dxi_java_home.

  • Download and install the Java update. Regarding the Java installation path, your options are:

    • Specifying the installation path so that it matches the current path of dxi_java_home. This ensures consistency with your product installation. This option is not recommended if your dxi_java_home already contains a path name of the form java-11.number.

    • Using the default installation path (for example, C:\Program Files\Java\java-11.number). This results into a new value for dxi_java_home to be propagated to the DirX Identity installation.

  • Put your own certificates from the backup copy into the updated and potentially relocated file dxi_java_home/lib/security/cacerts.

  • If the Java update from previous steps results in a different installation path, you must perform additional actions according to the section “Managing a Relocated Customer-Supplied Java”.

  • To verify your update regarding the Java version, run the suitable command in dxi_java_home/bin:

    • .\java -version (Windows platforms)

    • ./java -version (UNIX platforms)

  • Restart the services.

Managing a Relocated Customer-Supplied Java

These are the actions to be performed when the customer-supplied Java has been relocated due to a Java update.

  1. Revise these files regarding the new location of this Java :

    • Windows only: install_path/setdxienv.bat (setting of DXI_JAVA_HOME). Ensure that you specify the related path in Windows notation when updating this file. Here is a sample line:

      SET DXI_JAVA_HOME=C:\Program Files\Java\java-11

    • UNIX only: install_path/.dirxmetarc (setting of DXI_JAVA_HOME). Ensure that you specify the related path in UNIX notation when updating this file. Here is a sample line:

      DXI_JAVA_HOME=/opt/java-11

    • All platforms: install_path/configuration.ini (setting of dxi.java.home).

    Ensure that you specify the related path in Windows notation with escaped characters ":" following the drive letter and "\" character when updating this file for a Windows platform. Here is a sample line for Windows:

    dxi.java.home=C\:\\Program Files\\Java\\java-11

    Ensure that you specify the related path in UNIX notation with escaped "\" character when updating this file for a UNIX platform. Here is a sample line for UNIX:

    dxi.java.home=/opt/java-11

  2. Perform Initial Configuration for the Message Broker and the Java-based Servers.

  3. If you have configured Tomcat so that it uses the Java for DirX Identity, then configure Tomcat so that it uses the relocated Java.