This documentation supports the 20.02 version of Remedy Single Sign-On.To view an earlier version, select the version from the Product version menu.

Transferring data between Remedy SSO servers

You can export or import the configuration from one Remedy SSO server to another Remedy SSO server by running the data transfer tool from a command line on any local machine.


Related topic

Importing-and-exporting-Remedy-SSO-server-configuration

Data transfer tool usage considerations

Before export and import of Remedy SSO server configuration, take into account the following considerations:

  • Use the data transfer tool when you need to export configuration from one Remedy SSO server (for example, QA server), and import it to another Remedy SSO server (for example, Dev server).
  • The data transfer tool is designed to work across the same versions of Remedy SSO. You must not export or import data between different versions of Remedy SSO server.
  • The data transfer tool imports all data, except issued tokens, sessions, authorization codes, and SAML signing and encryption certificates.
  • You can import all configurations (including general configuration, launchpad settings, registered OAuth2 clients, administrator users, and tenants), or segments of the configuration (one or more realms with branding, associated local users or groups, and the assignments of those users and groups).
  • The import job runs as a single transaction. 

Data transfer task overview

To transfer a configuration from one Remedy SSO server to another server, perform the following tasks:

  1. Prepare for the data transfer.
  2. Export the complete configuration of a source server.
  3. Import segments of the configuration to a target server. 

To prepare for data transfer 

Before you use the data transfer tool, perform the following steps:

  1. Download Remedy SSO server installation files to a server on which you will run the data transfer tool. 
  2. Ensure that the application.properties and data-transfer-tool.jar files are located in the same directory (for example, C:\Program Files\BMC Software\RemedySSO\tools\dataTransferTool). 

To export Remedy SSO configuration 

  1. Set the properties of the source server in the application.properties file as required:

    Properties

    Value

    datasource.url

    <jdbc_connection_string>
    For example: (MsSQL server) jdbc:sqlserver://<sql_server>:1433;DatabaseName=rsso

    db.type
    <mssql|postgres|oracle>
    db.username
    <db_username>
    db.password
    <db_password_plaintext>
  2. In the command line, run either of the following commands:
    • (Interactive shelljava -jar data-transfer-tool.jar
    • (Batch executionjava -jar data-transfer-tool.jar @<full_path_to_command_file.txt>

  3. To use the data transfer tool in interactive shell mode, run the following command to export all the data:

    export <filename>

    If you do not specify <filename>rsso-config-export.zip filename is used. Along with the exported data file, a checksum is generated. The checksum is md5Hash generated based on the content of the exported data

    Note

    You must not modify the contents of this exported zip file. 

    Make sure the exported file is stored securely. 

To import Remedy SSO configuration 

  1. Set the properties of the target server in the application.properties file as required:

    Properties

    Value

    datasource.url

    <jdbc_connection_string>
    For example: (MsSQL server) jdbc:sqlserver://<sql_server>:1433;DatabaseName=rsso

    db.type
    <mssql|postgres|oracle>
    db.username
    <db_username>
    db.password
    <db_password_plaintext>
  2. Run either of the following commands to use the required operation mode:
    • (Interactive shelljava -jar data-transfer-tool.jar
    • (Batch execution)  java -jar data-transfer-tool.jar @<full_path_to_command_file.txt>
  3. Compete one or more of the following tasks to import data. For more details about the command parameters, see Command parameters.

Task

Commands to run

Notes

Import realms

import <filename> -r <realm_list> -s <source_tenant_ID> -t <target_tenant_ID>

Or

import <filename> --realms <realm_list> --sourcetid <source_tenant_ID> --targettid <target_tenant_ID>

If the target tenant has the same realm name as the imported one, it will be overwritten by the realm with the same name from the source tenant along with its local users and roles.

At the same time, local users of the realm in the target database which do not overlap with the imported ones remain unchanged.

To import and rename realms

import <filename> -r <realm1>:<realm1NewName>,<realm2>:<realm2NewName> -s <source_tenant_ID> -t <target_tenant_ID>

Or

import <filename> --realms <realm1>:<realm1NewName>,<realm2>:<realm2NewName> --sourcetid <source_tenant_ID> --targettid <target_tenant_ID>

Ensure that the new name of a realm corresponds to the following requirements:

  • Can have a maximum of 80 characters, and can contain the following characters: 
    • Asterisk (*)
    • Underscore (_) 
    • Full stop '.',
    • En dash (-)
  • Must not be empty, and must have a unique name. 

If you rename a realm during import, and the target server has a realm with the same name, then the target realm is not overwritten, but a new realm is created.

To import OAuth clients to a target tenant


import <filename> -o <oauth_client_IDs_list> -s <source_tenant_ID> -t <target_tenant_ID>

Or

import <filename> --oauthclients <oauth_client_IDs_list> --sourcetid <source_tenant_ID> --targettid <target_tenant_ID>

Not applicable

To import a source tenant to a target tenant

import <filename> -s <source_tenant_ID> -t <target_tenant_ID>

Or

import <filename> --sourcetid <source_tenant_ID> --targettid <target_tenant_ID>

If the target database already contains a tenant with the same ID as specified in the list, its data is completely overwritten during import. If SAAS_TENANT is specified in the list, it is always overwritten

This performs a full import of tenant data from rsso-config-export.zip source tenant to an existing tenant on the target server.

Running the export command results in the output as an archive (zip) containing all necessary segments of configuration and calculated checksum of all data payload. You must not manually change the contents of the archive. This file can be used for further importing by the same tool.

Command parameters reference

The following table describes the command parameters:

Parameter

Description

import <filename>

The default file name is rsso-config-export.zip.

-s or --sourcetid

Enter the name of a source tenant from which data will be imported.

-t or --targettid

Enter the name of a target tenant to which data will be imported.

-r  or--realms

Enter realms that you want to export. For example, <realmID1>,<realmID2>,<realmID3>.  Only specified realms with their related local users and groups are imported. All other configuration in the target database remain unchanged. You can also rename a realm during import.

-o or

--oauthclients

Enter client IDs that you want to export. For example, <clientIID1>,<clientIID2>,<clientID3>. When specified, only these OAuth2 clients are imported. All other configuration in the target database remains unchanged.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*