Migrate a Federation Manager Configuration to a New System

Migrate a Federation Manager configuration to a new system to replicate the configuration. Copying an existing configuration avoids repeating the entire configuration process on the new system.

Use the XPSImport tool to import an exported configuration. The XPSImport tool is shipped with Federation Manager.

Important! Follow the import steps exactly as outlined. Do not access the Certs & Keys tab in the Federation Manager UI until the copying procedure is complete.

To import a configuration to a new system

  1. Install Federation Manager using the same settings for the new installation that were used for the installation of the original system.
  2. Set up a new database instance to import the Federation Manager data objects.

    Important! Do not use an existing database. The import fails if you do.

  3. Run the Configuration wizard, specifying the new database instance when prompted.

    Use the same settings for this new configuration that were used for the original system. These settings include:

  4. Restore the key database that holds private key/certificate pairs (non-SSL) by doing the following:
    1. Rename or delete the directory /siteminder/smkeydatabase
    2. Copy the previously backed-up key database to the directory /siteminder.
  5. Migrate SSL keys and certificate by doing one of the following:
  6. Import all the configuration data using the XPSImport command. The syntax is as follows:

    XPSImport export_file_name -passphrase passphrase

    export_file_name

    Names the XML file that resulted from the export of the original configuration. The filename should end with the extension .xml.

    passphrase

    Specifies the passphrase required to decrypt sensitive data. This must be the same passphrase that was used to encrypt the data when it was exported to the file. Obtain the passphrase from the administrator who created the XML file originally.

    The passphrase must be at least eight characters and must contain at least one digit, one upper case and one lower case letter. If the passphrase contains a space, then it must be enclosed in quotes.

  7. Stop Federation Manager services according to your platform.

    Windows

    Use the Federation Manager stop shortcut. If you logged in as a network user and not a local administrator, right-click the shortcut and select Run as administrator.

    Select Start, All Programs, CA, FederationManager, Stop services.

    UNIX

    1. Open a command window.
    2. Run the following script:

      federation_mgr_home/fedmanager.sh stop

      When you run the fedmanager.sh script, it sources the Federation Manager environment script, ca_federation_env.ksh.

      Note: Do not stop and start the services as the root user.

  8. Rerun the Configuration wizard, using the same settings as the Federation Manager configuration on the original system. These settings include:

    Important! If you manually changed the Apache Tomcat http.conf file or the SPS server.conf file, make those same changes to those files on the new system.

After all the data is migrated, reactivate partnerships.
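
The rules stated in step 6 for the export file name and the passphrase can be checked before XPSImport is run. The following shell script is an added example, not part of the product or its documentation; the function names and the XPSIMPORT override variable are hypothetical, and only the XPSImport syntax shown in step 6 is assumed.

```shell
#!/bin/sh
# Added example: pre-flight checks for step 6. Function names and the
# XPSIMPORT override variable are hypothetical, not part of the product.

# Documented rule: at least eight characters, with at least one digit,
# one upper-case letter and one lower-case letter.
check_passphrase() {
    pp=$1
    [ "${#pp}" -ge 8 ] || { echo "passphrase: fewer than 8 characters" >&2; return 1; }
    case $pp in *[[:digit:]]*) ;; *) echo "passphrase: no digit" >&2; return 1 ;; esac
    case $pp in *[[:upper:]]*) ;; *) echo "passphrase: no upper-case letter" >&2; return 1 ;; esac
    case $pp in *[[:lower:]]*) ;; *) echo "passphrase: no lower-case letter" >&2; return 1 ;; esac
}

# The export file name should end in .xml; also confirm that the file
# exists, is readable and is not empty before starting the import.
check_export_file() {
    f=$1
    case $f in *.xml) ;; *) echo "export file: name does not end in .xml" >&2; return 1 ;; esac
    [ -f "$f" ] && [ -r "$f" ] && [ -s "$f" ] ||
        { echo "export file: missing, unreadable or empty" >&2; return 1; }
}

# Run the import only when both checks pass. Quoting "$2" passes a
# passphrase that contains spaces as a single argument.
run_import() {
    check_export_file "$1" && check_passphrase "$2" || return 1
    "${XPSIMPORT:-XPSImport}" "$1" -passphrase "$2"
}

# Stand-alone use: sh preflight.sh export_file_name
# Prompting with echo off keeps the passphrase out of the shell history.
# It is still passed to XPSImport as a command-line argument.
if [ "$#" -eq 1 ]; then
    printf 'Passphrase: ' >&2
    stty -echo; IFS= read -r XPS_PP; stty echo; printf '\n' >&2
    run_import "$1" "$XPS_PP"
fi
```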