×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

 

This documentation supports the 22.1 version of BMC Helix Single Sign-On, which is available only to BMC Helix customers (SaaS). 

To view an earlier version, select the version from the Product version menu.
BMC Helix Single Sign-On 22.1 Administering

Transferring data between BMC Helix SSO servers

You can export or import the configuration from one BMC Helix Single Sign-On server to another BMC Helix SSO server by running the data transfer tool from a command line on any local machine.


Related topic

Exporting and importing BMC Helix SSO server configuration

Data transfer tool usage considerations

Before you export or import the BMC Helix SSO server configuration, consider the following information:

  • Use the data transfer tool when you need to export configuration from one BMC Helix SSO server (for example, QA server), and import it to another BMC Helix SSO server (for example, Dev server).
  • The data transfer tool is designed to work across the same versions of BMC Helix SSO. You must not export or import data between different versions of BMC Helix SSO server.
  • The data transfer tool imports all data, except issued tokens, sessions, authorization codes, and SAML signing and encryption certificates.

  • You can import all configurations (including general configuration, launchpad settings, registered OAuth2 clients, administrator users, and tenants), or segments of the configuration (one or more realms with branding, associated local users or groups, and the assignments of those users and groups).

  • The import job runs as a single transaction. 

Model change in 22.1 version

Starting from the BMC Helix SSO 22.1 version, data transfer process requires to create a command_import.txt file in the user file system. The data specified in the file is mapped with the the container's directory. When the container starts, all the data from the file is recorded into the container.

To export or import data

  1. In your file system, create /opt/datatool/command_import.txt file.
  2. Grant this file with the Read, Write and Execute permissions.

  3. To execute the export of configuration from the source server, open command_import.txt in edit mode. Add a command for export with a full path and archive file name where exported data will be saved. For example, export /opt/datatool/data/hsso-config-import.zip

  4. Save the file.

  5. In the command line, run the following command: 

    docker run -v /opt/datatool/:/opt/datatool/data/ \
     --env DB_JDBC_CONNECTION="jdbc:postgresql://172.21.128.1:5432/rsso" \
     --env DB_TYPE="postgres" \
     --env DB_USER="postgres" \
     --env DB_PWD="password" \
    aus-harboreg-01.bmc.com/rsso/datatransfer:HSSO_XX.XX.XX-RTM @/opt/datatool/data/command_import.txt

  6.  To import data to the target server, open command_import.txt and update it with the import command. Change export to import. Provide the full path to the zip archive file and keep its name the same. Add the sours tenant ID from which data was exported and the target tenant ID to which data will be imported. For example, import /opt/datatool/data/hsso-config-import.zip -s 00000000-0000-0000-0000-000000000000 -t 00000000-0000-0000-0000-000000000000
  7. Save the file.
  8. In the command line, run the command from step 5.

The description of the docker run command parameters is displayed in the following table:

ParameterDescription
DB_JDBC_CONNECTIONThe JDBC connection string address
For example: (PostgreSQL server) jdbc:postgresql://172.21.128.1:5432/rsso
db.typeThe type of a database
db.passwordThe password of a database
db.usernameThe name of a database
opt/datatool/dataContainer's directory which acquires the file's path


Available options to import data

Complete one or more of the following tasks to import data. For more details about the command parameters, see Import command parameters.

TaskCommands to runNotes
Import realms
import <filename> -r <realm_list> -s <source_tenant_ID> -t <target_tenant_ID>
Or
import <filename> --realms <realm_list> --sourcetid <source_tenant_ID> --targettid <target_tenant_ID>

The target realm will be overwritten by the realm which has the same name from the source tenant along with its local users and roles.

At the same time, local users of the realm in the target database that do not overlap with the imported ones remain unchanged.

To import and rename realms 

import <filename> -r <realm1>:<realm1NewName>,<realm2>:<realm2NewName> -s <source_tenant_ID> -t <target_tenant_ID>

Or

import <filename> --realms <realm1>:<realm1NewName>,<realm2>:<realm2NewName> --sourcetid <source_tenant_ID> --targettid <target_tenant_ID>

Ensure that the new name of a realm corresponds to the following requirements:

  • Must not exceed 80 characters, and can contain the following characters:  

    • Asterisk (*)

    • Underscore (_) 

    • Full stop '.',

    • En dash (-)

  • Must not be empty, and must have a unique name. 

If you rename a realm during import, and the target server has a realm with the same name, then the target realm is not overwritten, but a new realm is created.

To import OAuth clients to a target tenant


import <filename> -o <oauth_client_IDs_list> -s <source_tenant_ID> -t <target_tenant_ID>

Or

import <filename> --oauthclients <oauth_client_IDs_list> --sourcetid <source_tenant_ID> --targettid <target_tenant_ID>
Not applicable
To import a source tenant to a target tenant
import <filename> -s <source_tenant_ID> -t <target_tenant_ID>

Or

import <filename> --sourcetid <source_tenant_ID> --targettid <target_tenant_ID>

You must first create a target tenant in the target database before you run the data transfer tool. A target tenant ID is auto-generated and unique for each tenant. The ID can be identical only for SaaS source and target tenants.

The cookie domain is overwritten to a default value. You must manually change it to the value of the source tenant.

To rename a tenant during the realm migration
import <filename> -r <oldRealmName>:<newRealmName>><newTenantValue>,
<oldRealmName>><newTenantValue> -s <source_tenant_ID> -t <target_tenant_ID>

Or

import <filename> -r <oldRealmName>:<newRealmName>><newTenantValue>,
<oldRealmName>><newTenantValue> --sourcetid <source_tenant_ID> --targettid <target_tenant_ID>
Specify the new value in the tenant field inside the particular realm before the realm migration.

Import command parameters

The following table describes the  import command parameters:

ParameterDescription
import <filename>Command to perform import of data (obligatory).
-s or --sourcetidEnter the ID of a source tenant from which data will be imported.
-t or --targettidYou must first create a target tenant in the target database before you run the data transfer tool. A target tenant ID is auto-generated and unique for each tenant. The ID can be identical only for SaaS source and target tenants.
-r  or--realmsEnter realms that you want to export. For example, <realmID1>,<realmID2>,<realmID3>.  Only specified realms with their related local users and groups are imported. All other configuration in the target database remain unchanged. You can also rename a realm during import.

-o or

--oauthclients

Enter client IDs that you want to export. For example, <clientID1>,<clientID2>,<clientID3>. When the client IDs are specified, only these OAuth2 clients are imported. All other configuration in the target database remains unchanged.

Was this page helpful? Yes No Submitting... Thank you
Last modified by Priya Shetye on Jan 05, 2024
task administering reference

Comments

Log in or register to comment.

Exporting and importing BMC Helix SSO server configuration
Reviewing audit records
© Copyright 2013 - 2022 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.