Layer7 API Management

  • 1.  CA Gateway Identity Provider Migration

    Posted Mar 27, 2019 05:45 AM

    Hi,

     

    What I want to do:

    I have a question related to the migration of Identiy Providers. Is there an option with the migration Tool to migrateOut the Identity Provider and use migrateIn to load the configuration to another gateway?

     

    What I tried:

    I couldn't find an option to just export the identity Providers with migrateOut. So my idea was then to export all and after use manageMappings to just get the IdentityProvider objects (references in this case the ID_PROVIDER_CONFIG references and mappings). And then to use migrateIn to see if the identity providers are loaded properly.

     

    But the manageMappings command exported no references, just the mappings.

    ./GatewayMigrationUtility.sh manageMappings --bundle bundle.xml --outputFile bundle.xml --type ID_PROVIDER_CONFIG --action NewOrUpdate

     

    So I tried to copy the references manually (from the full migrateOut before) into the bundle.xml file created by the manageMappings tool. And then I tried to migrateIn this bundle.xml :-) but it failed with an nullpointerexception.



  • 2.  Re: CA Gateway Identity Provider Migration

    Posted Mar 27, 2019 08:18 AM

    Hello,

     

    Have you tried using the GMU restman utility?

     

    Link:

    restman command - CA API Gateway - 9.3 - CA Technologies Documentation 

     

    Export the idp configuration from source gateway 

    ./GatewayMigrationUtility.sh restman -z source.properties --method GET --path '1.0/identityProviders/{identityProviderID}' --response IDProviderResponse.xml

     

    Import the config to the target gateway

    ./GatewayMigrationUtility.sh restman -z target.properties --method PUT --path '1.0/identityProviders/{identityProviderID}' --request IDProviderResponse.xml

     

     

    Before you import, you may have to format the xml to remove the unnecessary content.

     

    Cheers,

    Adarsh



  • 3.  Re: CA Gateway Identity Provider Migration

    Posted Mar 28, 2019 04:45 AM

    Hi Adarsh,

     

    thank you for your answer, I used restman to Export the Identity Provider, like you described.

    Then I tried to Import the XML and  I get the following error:

     

    <?xml version="1.0" encoding="UTF-8"?>

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

    <soapenv:Body>

    <soapenv:Fault>

    <faultcode>soapenv:Server</faultcode>

    <faultstring>Policy Falsified</faultstring>

    <faultactor>https://gateway.dir/restman/1.0/identityProviders/b279f5862c9604722581f3db9fda9cc7</faultactor>

    <detail>

    <l7:policyResult status="Error in Assertion Processing" xmlns:l7="http://www.layer7tech.com/ws/policy/fault"/>

    </detail>

    </soapenv:Fault>

    </soapenv:Body>

    </soapenv:Envelope>

     

    You wrote removing unnecessary content, what content do you mean?

     

    Best regards,

    Raoul



  • 4.  Re: CA Gateway Identity Provider Migration

    Posted Mar 28, 2019 05:10 AM

    Here are the few things that needs to be done.

     

    1. Remove all the xml tags that precedes <l7:IdentityProvider>.  Ensure you remove the closing tags at the bottom as well.

    You should be having the firstline something like below

    <l7:IdentityProvider id="123456789" version="18">

    and last line as </l7:IdentityProvider>

     

    2. Now remove the attributes "id" and "version" from the <l7:IdentityProvider> tag and add the namespace

    You should be having the firstline something like below

    <l7:IdentityProvider xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">

    and last line as </l7:IdentityProvider>

     

    3. Import the xml into target gateway

    ./GatewayMigrationUtility.sh restman -z target.properties --method PUT --path '1.0/identityProviders/{identityProviderID}' --request IDProviderResponse.xml

     

    Please try this and let me know how it goes.

     

    Thanks,

    Adarsh



  • 5.  Re: CA Gateway Identity Provider Migration

    Posted Mar 28, 2019 10:43 AM

    Hi adarshshetty 

    If only one item will be exported using restman, you can use the --unwrapItem option in restman command line.

    This way, you can skip the step 1 of your explanation.



  • 6.  Re: CA Gateway Identity Provider Migration

    Posted Apr 01, 2019 02:28 AM

    Many Thanks danle01 for letting me know this.



  • 7.  Re: CA Gateway Identity Provider Migration

    Posted May 15, 2019 04:10 PM

    it worked for me after doing step 2 as you said

    i am having one challenge though, it did not migrated the the bind account password.

    do i need to make any additional action for that.