PingAccess 7.3 and later no longer support AWS CloudHSM Client SDK 3.
- If you're upgrading the CloudHSM Client SDK from 3.x to 5.x, see Upgrading from Client SDK 3 to Client SDK 5 before trying to add a CloudHSM provider in the PingAccess administrative console.
- If you are creating a new installation of AWS CloudHSM Client SDK 5, see Setting up a new installation of AWS CloudHSM before trying to add a CloudHSM provider in the PingAccess administrative console.
Follow these steps to set up Client SDK 5 and integrate it with PingAccess even if you're just upgrading the Client SDK from 3.x to 5.x. Client SDK 5 no longer uses a client daemon. This changes the steps necessary to set up an AWS CloudHSM provider because the client process doesn't run separately from PingAccess anymore.
To add an AWS CloudHSM provider in the PingAccess administrative console:
- In PingAccess, go to , and click + Add HSM Provider.
- In the Name field, enter a name for the HSM provider.
- In the Type list, select AWS CloudHSM Provider.
- In the User field, enter a username used to connect to the HSM provider.
- In the Password field, enter a password used to connect to the HSM provider.
- Optional: In the Partition field, enter the partition to use on the HSM provider.
- Click Save.
- Restart PingAccess.
PingAccess 7.3 and later contain a workaround to bypass the following known issues by default:
- RSASSA-PSS signing algorithms fail with Java 8u261 or later. HSM vendors and core Java use different naming conventions for the
- PingAccess Cloud HSM functionality works in FIPS mode but not in regular mode for
If you experience either of these known issues, you can edit the additional.security.jdk.tls.disabledAlgorithms property in the run.properties file to bypass them. For more information, see the following example: