This documentation supports the 20.08 version of Remedy Single Sign-On, which is available only to BMC Helix subscribers (SaaS).To view an earlier version, select the version from the Product version menu.

Transferring data between Remedy SSO servers

You can export or import the configuration from one Remedy SSO server to another Remedy SSO server by running the data transfer tool from a command line on any local machine.


Related topic

Exporting-and-importing-Remedy-SSO-server-configuration

Data transfer tool usage considerations

Before you export or import the Remedy SSO server configuration, consider the following information:


  • Use the data transfer tool to export configuration from one BMC Helix SSO server (for example, QA server), and import it to another BMC Helix SSO server (for example, Dev server).
  • Do not export or import data between different versions of BMC Helix SSO server. The data transfer tool is designed to work across the same versions of BMC Helix SSO.
  • You cannot import issued tokens, sessions, authorization codes, and SAML signing and
    encryption certificates. The data transfer tool imports all other data.
  • You can import all configurations (including general configuration, launchpad settings, registered OAuth2 clients, administrator users, and tenants), or segments of the configuration (one or more realms with branding, associated local users or groups, and the assignments of those users and groups).
  • The import job runs as a single transaction.

Starting from the Remedy SSO 20.08 version, the delivery model has changed. Server installation files are not available. Instead, use the helm charts to deploy Docker containers via OpenShift or Rancher platforms.

To transfer Remedy SSO configuration

  1. In the command line, run the command with the specified properties, as shown in the following example:

( --env DB_JDBC_CONNECTION="jdbc:postgresql://172.21.128.1:5432/rsso" \
 --env DB_TYPE="postgres" \
 --env DB_USER="postgres" \
 --env DB_PWD="password" \)

      2. In the command line, run:

export or import.

The description of the properties of the source server is displayed in the following table:

You can perform one of the following tasks to import data. For more details about the command parameters, see Command parameters.

Task

Commands to run

Notes

To import realms

import <filename> -r <realm_list> -s <source_tenant_ID> -t <target_tenant_ID>

Or

import <filename> --realms <realm_list> --sourcetid <source_tenant_ID> --targettid <target_tenant_ID>

The target realm will be overwritten by the realm which has the same name from the source tenant along with its local users and roles.

At the same time, local users of the realm in the target database that do not overlap with the imported ones remain unchanged.

To import and rename realms

import <filename> -r <realm1>:<realm1NewName>,<realm2>:<realm2NewName> -s <source_tenant_ID> -t <target_tenant_ID>

Or

import <filename> --realms <realm1>:<realm1NewName>,<realm2>:<realm2NewName> --sourcetid <source_tenant_ID> --targettid <target_tenant_ID>

Ensure that the new name of a realm corresponds to the following requirements:

  • Must not exceed 80 characters, and can contain the following characters: 
    • Asterisk (*)
    • Underscore (_) 
    • Full stop '.',
    • En dash (-)
  • Must not be empty, and must have a unique name. 

If you rename a realm during import, and the target server has a realm with the same name, then the target realm is not overwritten, but a new realm is created.

To import OAuth clients to a target tenant


import <filename> -o <oauth_client_IDs_list> -s <source_tenant_ID> -t <target_tenant_ID>

Or

import <filename> --oauthclients <oauth_client_IDs_list> --sourcetid <source_tenant_ID> --targettid <target_tenant_ID>

Not applicable

To import a source tenant to a target tenant

import <filename> -s <source_tenant_ID> -t <target_tenant_ID>

Or

import <filename> --sourcetid <source_tenant_ID> --targettid <target_tenant_ID>

If the target database already contains a tenant with the same ID as specified in the list, its data is completely overwritten during import. If SAAS_TENANT is specified in the list, it is always overwritten

This performs a full import of tenant data from rsso-config-export.zip source tenant to an existing tenant on the target server.

Command parameters

The following table describes the command parameters:

Parameter

Description

import <filename>

The default file name is rsso-config-export.zip.

-s or --sourcetid

Enter the name of a source tenant from which data will be imported.

-t or --targettid

Enter the name of a target tenant to which data will be imported.

-r  or--realms

Enter realms that you want to export. For example, <realmID1>,<realmID2>,<realmID3>.  Only specified realms with their related local users and groups are imported. All other configuration in the target database remain unchanged. You can also rename a realm during import.

-o or

--oauthclients

Enter client IDs that you want to export. For example, <clientIID1>,<clientIID2>,<clientID3>. When the client IDs are specified, only these OAuth2 clients are imported. All other configuration in the target database remains unchanged.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*