Federation Manager Guide › Configuration Backup and Restoration › How To Copy an Existing Configuration to A New System › Back Up a Federation Manager Configuration

Back Up a Federation Manager Configuration

Preserving an existing Federation Manager configuration is necessary if you want to replicate the configuration on other systems or if you want to restore a prior configuration on a single system in case of a system problem.

This procedure requires the use of the XPSExport tool, which is shipped with Federation Manager. XPSExport enables you to export the configuration data to an XML file.

Important! Federation transactions may fail while the backup procedure is being executed.

To back up a Federation Manager configuration

1. Make a copy of the key database directory and save it in a safe location. The key database directory is located at:

   federation_mgr_home/siteminder/smkeydatabase

2. Log on to the Federation Manager UI.
3. Select the Federation tab and click Partnerships.

   The View Federation Partnerships window opens.

4. Select Deactivate from the Action menu next to each active partnership in the Federation Partnership list. This deactivates all the active partnerships.
5. If you enabled SSL either for the artifact back channel or for the Federation Manager UI, you must disable it, as follows:
   1. Click the Infrastructure tab and select SSL Configuration.

      The SSL Configuration dialog opens.

   2. Click Enable in the Embedded web SSL Configuration group box to change the setting to Disable.
   3. Click Activate in the Administrative UI SSL Configuration group box to change the setting to Deactivate.
6. If you changed the SSL status (enabled or disabled), restart the Federation Manager services, according to your platform.
   • Windows

     Use the Federation Manager stop and start shortcuts as follows:

     1. Start, All Programs, CA, FederationManager, Stop services
     2. Start, All Programs, CA, FederationManager, Start services
   • Solaris

     a. Open up a command window.

     b. Run the following scripts:

     federation_mgr_home/fedmanager.sh stop

     federation_mgr_home/fedmanager.sh start

     When you run the fedmanager.sh script, it sources the Federation Manager environment script, ca_federation_env.ksh.

     Note: Do not stop and start the services as the root user. You must be a non-root user.

7. Export the Federation Manager configuration by entering the following command from a command window:

   XPSExport export_file_name -xa -passphrase passphrase

   • export_file_name

     Names the output file that results from the export. The output from XPSExport is in XML format, therefore, the filename should end with the extension .xml.

   • passphrase

     Specifies the passphrase required to encrypt sensitive data. It must be at least eight characters and must contain at least one digit, one upper case and one lower case letter. If the passphrase contains a space, then it must be enclosed in quotes.

     NOTE: If you do not want to enter the passphrase directly, you may leave it off the command. XPSExport then prompts you for a passphrase and a passphrase confirmation, which will not be echoed to the screen.

You now have an XML file that contains encrypted configuration data, which you can use to replicate the configuration on a different system.

Important! After you successfully back up the configuration, return the backed-up system to its original state prior to the backup.