Applicable SecureAuth IdP Versions: All Versions
Description: In some situations, you will need to copy the configuration of one realm in one server like a UAT or staging server to a production server, but you can't use the SecureAuth Backup Tool of File Sync Service because the servers don't have the same realms configured (which could be a problem for the Backup Tool) or they are in different versions of the IdP (which the File Sync will not be able to address).
Resolution:
Steps to Manually Copy a Realm's Configuration from One Server to Another
1. Go to the SecureAuth IdP server that you want to copy the configuration from and navigate to the System Info tab via the web admin UI of the realm that contains the configuration you want to copy.
2. Click on the Decrypt button.
3. Within the same server, open File Explorer and navigate to D:\SecureAuth\SecureAuth{X}, where {X} is the number of the SecureAuth realm containing the configuration you want to copy.
4. Look for the web.config file, which should show the modified date changed to reflect the time when you clicked on the Decrypt button as outlined in Step 2.
5. Copy the web.config file and drop it in D:\SecureAuth\SecureAuth{X} folder of the target server, i.e. the server that you want to copy the configuration over.
6. Open the web admin UI of the target server and perform the Update Web Config process. This is especially useful if you are copying the web.config file from an older version of the SecureAuth IdP.
Following the aforementioned steps will successfully copy the configuration of that realm from the source server to the destination server.
Things to Consider:
- If the realm is configured for SAML assertion, you will also need to copy the server certificate from the source server used for signing the assertion over to the destination server by exporting it with the private key, importing it, and grant Network Service access to its private key.
- If the realm is configured for Windows SSO, you will also need to grant Authenticated Users access to the private key as well.
- You will need to ensure that a certificate is selected in the License Info section of the System Info tab of the web admin UI (you need to click on the "Select Certificate" link to see if a radio button is selected). If no certificate is selected, you will need to copy the server certificate from the source server over to the target server the same way you would copy the SAML signing certificate.
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products
Comments
Please sign in to leave a comment.