User UI Installation, v5.0

User-UI is used for web-based softkey activation and renewal, using the user's NemID POCES. This option, using MOCES2 certificates, supports healthcare systems with EOJ integration to GlobalID.

User-UI can run in the same Tomcat as the GlobalID server or can be deployed on a separate Tomcat installation.

1. Requirements

  • Tomcat 9

  • Java 11

  • VOCES certificate for identification to the POCES applet: A valid VOCES certificate must be imported into a Java keystore, placed on the file system, and referenced in the configuration file. The VOCES certificate is used for service provider encryption when verifying a user's identity with the person's personal national certificate (POCES).

  • Connection to GlobalID BPM and a valid GlobalID api application and key

  • Optional SSO/IDP configuration

2. Configuration

Copy the files in <INSTALL_SET>/user-ui/webapps/ into the webapps folder in Tomcat.

Copy the default configuration file from <INSTALL_SET>/user-ui/config to: /var/opt/GlobalID/user-ui.properties

Set encryption.password to a random string of 32 characters.

Update the configuration file user-ui.properties with the installation-related values.

NOTE: The 4 parameters listed below must be encrypted with the CryptoService.jar file in <INSTALL_SET>/user-ui/encrypt, using the random password in encryption.password:

  • camunda.service.account.api.name

  • camunda.service.account.api.key

  • poces.service.provider.keystore.password

  • poces.service.provider.keypair.password

Default configuration file:

encryption.password=<random>

idp.sso.metadata.url=https://<host>:<port>/nidp/saml2/metadata
idp.sso.enabled=false

camunda.service.account.api.name=<encrypted-api-name>
camunda.service.account.api.key=<encrypted-api-key>
camunda.url=https://<host>:<port>/

#Poces service provider
poces.service.provider.keystore.password=<encrypted-keystore-password>
poces.service.provider.keypair.alias=<voces-alias>
poces.service.provider.keypair.password=<encrypted-keypair-password>
poces.service.provider.nemid.source.endpoint=https://appletk.danid.dk/launcher/flexible/
poces.service.provider.keystore.location=/var/opt/GlobalID/<voces-filename>.jks

3. IDP configuration

By default SSO/IDP is disabled.

To configure IDP-based SSO, change idp.sso.enabled to true and set idp.sso.metadata.url to a valid identity provider.
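
The configuration steps in sections 2 and 3 can be checked before Tomcat is started. The script below is an added example, not part of the GlobalID install set: it generates the 32-character encryption.password and flags a world-readable properties file, leftover template placeholders, a missing VOCES keystore, and a non-HTTPS metadata URL when SSO is enabled. The function names and the alphanumeric-only password alphabet are assumptions of this example.

```shell
#!/bin/sh
# Added example (not vendor code): pre-start check for user-ui.properties.

# Print a 32-character password from the kernel CSPRNG. Alphanumerics only
# (an assumption) so the value needs no escaping in a .properties file.
gen_password() {
    pw=$(head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')
    printf '%s\n' "$pw" | cut -c1-32
}

# prop FILE KEY: print the value of the first "KEY=value" line.
prop() { awk -v k="$2" 'index($0, k "=") == 1 { print substr($0, length(k) + 2); exit }' "$1"; }

fail() { echo "FAIL: $*"; n=$((n + 1)); }

# check_config FILE: print one line per finding, return the number of findings.
check_config() {
    f=$1; n=0
    [ -r "$f" ] || { fail "cannot read $f"; return "$n"; }
    # The file carries the password that protects the four encrypted values.
    if [ -n "$(find "$f" -perm -004)" ]; then fail "$f is world-readable"; fi

    pw=$(prop "$f" encryption.password)
    [ "${#pw}" -eq 32 ] || fail "encryption.password has ${#pw} chars, expected 32"

    for k in camunda.service.account.api.name camunda.service.account.api.key \
             poces.service.provider.keystore.password \
             poces.service.provider.keypair.password; do
        case $(prop "$f" "$k") in
            '' | '<'*'>') fail "$k is empty or still a template placeholder" ;;
        esac
    done

    ks=$(prop "$f" poces.service.provider.keystore.location)
    [ -f "$ks" ] || fail "VOCES keystore not found at configured location"

    if [ "$(prop "$f" idp.sso.enabled)" = true ]; then
        case $(prop "$f" idp.sso.metadata.url) in
            *'<'*) fail "idp.sso.metadata.url still contains a placeholder" ;;
            https://*) ;;
            *) fail "idp.sso.metadata.url must be https:// when SSO is enabled" ;;
        esac
    fi
    return "$n"
}
# Usage: check_config /var/opt/GlobalID/user-ui.properties
```

The check cannot tell whether a value was actually produced by CryptoService.jar; it only catches values that are empty or still in the template's <placeholder> form.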