Federation Manager Guide › Failover Support for Federation Manager › Maintaining Configuration Changes in a Failover Environment › Maintain the Key Database Across Each Federation Manager System

Maintain the Key Database Across Each Federation Manager System

The Federation Manager key database stores private keys and certificates and is independent from the database that stores the Federation Manager configuration and application data.

The key database is local to each Federation Manager system. As a result, if any changes are made to the key database files on the primary system, these changes need to be copied to the secondary system.

To copy the key database from the primary to the secondary system

1. Navigate to the following directory at the primary system:

   federation_mgr_home/siteminder/smkeydatabase

2. Copy the directory.
3. Stop Federation Manager services on the secondary system.

   Stop Federation Manager services, as follows:

   Windows

   Select Start, All Programs, CA, FederationManager, Stop services.

   Solaris

   1. Open a command window.
   2. Run the following script:

      federation_mgr_home/config/fedmanager.sh stop

      When you run the fedmanager.sh script, it sources the Federation Manager environment script, ca_federation_env.ksh.

4. On the secondary system, rename or delete the existing directory federation_mgr_home/siteminder/smkeydatabase.
5. Place the copy in the federation_mgr_home/siteminder/smkeydatabase directory on the secondary system.
6. Start the Federation Manager services, as follows:

   Windows

   Select Start, All Programs, CA, FederationManager, Start services.

   Solaris

   1. Open a command window.
   2. Run the following script:

      federation_mgr_home/fedmanager.sh start

      When you run the fedmanager.sh script, it sources the Federation Manager environment script, ca_federation_env.ksh.

      Note: Do not stop and start the services as the root user. You must be a non-root user.