Federation Manager Guide › Configuration Backup and Restoration › How To Copy an Existing Configuration to A New System › Copy a Federation Manager Configuration to a New System

Copy a Federation Manager Configuration to a New System

You can copy a backed-up Federation Manager configuration to a new system to replicate the configuration. This avoids having to go through the entire configuration process.

Copying a configuration requires the use of the XPSImport tool, which is shipped with Federation Manager.

Important! Follow the import steps exactly as outlined. Do not access the Certs & Keys tab in the Federation Manager UI until the copying procedure is complete.

To copy a configuration to a new system

1. Install Federation Manager using the same settings for this new installation that were used for the installation on the original system. These settings include:
   • Deployment mode
   • SiteMinder Connector
2. Run the Configuration wizard, using a new database instance.

   Use the same settings for this new configuration that were used when Federation Manager was configured on the original system. These settings include:

   • Port numbers
   • Virtual Host Name

   Important! Do not use an existing database. The import fails if you do.

3. Restore the key database that holds keys and certificates by doing the following:
   1. Rename or delete the directory /siteminder/smkeydatabase
   2. Copy the previously backed-up key database to the directory /siteminder.
4. Restore all other configuration data using the XPSImport command, as follows:

   XPSImport export_file_name -passphrase passphrase

   • export_file_name

     Names the XML file that resulted from the export of the original configuration. The filename should end with the extension .xml.

   • passphrase

     Specifies the passphrase required to decrypt sensitive data. This must be the same passphrase that was used to encrypt the data when it was exported to the file. Obtain the passphrase from the administrator who created the XML file originally.

     The passphrase must be at least eight characters and must contain at least one digit, one upper case and one lower case letter. If the passphrase contains a space, then it must be enclosed in quotes.

5. Stop Federation Manager services, as follows:

   Windows

   Select Start, All Programs, CA, FederationManager, Stop services.

   Solaris

   1. Open a command window.
   2. Run the following script:

      federation_mgr_home/fedmanager.sh stop

      When you run the fedmanager.sh script, it sources the Federation Manager environment script, ca_federation_env.ksh.

      Note: Do not stop and start the services as the root user. You must be a non-root user.

6. Rerun the Configuration wizard, using the same settings as the Federation Manager configuration on the original system. These settings include:
   • Port numbers
   • Virtual Host Name
7. Log back in to the Federation Manager UI.
8. Select the Federation tab and click Partnerships.

   The View Federation Partnerships window opens.

9. Select Activate from the Action menu next to each deactivated partnership in the Federation Partnership list. This re-activates all the partnerships.
10. (Optional) If the SiteMinder Connector was enabled in the original configuration, you have to re-establish the Connector by doing the following:
    1. Click the Infrastructure tab and select Deployment Settings.
    2. Reconfigure the SiteMinder Connector settings using the same values that were used by the original configuration.
    3. Click Register Host to re-register Federation Manager with the SiteMinder Policy Server.
11. If SSL was enabled in the original configuration, re-enable it as follows:
    1. Click the Infrastructure tab and select SSL Configuration.

       The SSL Configuration dialog opens.

    2. Click Disable in the Embedded web SSL Configuration group box to change the setting back to Enable.
    3. Click Deactivate in the Administrative UI SSL Configuration group box to change the setting to Activate.

    Important! Do not access the Certs & Keys tab in the Federation Manager UI until the copying procedure is complete.

    Enabling SSL for the embedded web server requires that you generate a new key/certificate request and then get the certificate signed. SSL certificates are not included in the imported configuration file.

12. If you changed the SSL status (enabled or disabled), restart the Federation Manager services, according to your platform.
    • Windows

      Use the Federation Manager stop and start shortcuts as follows:

      1. Start, All Programs, CA, FederationManager, Stop services
      2. Start, All Programs, CA, FederationManager, Start services
    • Solaris

      a. Open up a command window.

      b. Run the following scripts:

      federation_mgr_home/fedmanager.sh stop

      federation_mgr_home/fedmanager.sh start

      When you run the fedmanager.sh script, it sources the Federation Manager environment script, ca_federation_env.ksh.

      Note: Do not stop and start the services as the root user. You must be a non-root user.

The system should now be operating with the same configuration as the original system.