by IDAMGroup
CA Siteminder Backup tools
CA Siteminder r12.x Policy Server command line backup tools
This post shows how to back up Policy Server objects using XPSExport and XPSImport (XML-based export and import). Prior to r12.x, Siteminder Policy Server objects were exported and imported using smobjexport and smobjimport, which use the SMDIF format (Siteminder Data Interchange Format).
XPSExport
XPSExport supports the following tasks for migration or backups:
- Export all the security data.
- Export all the policy data.
- Export all the configuration data.
- Export a portion of the policy data.
Example of how to export policy data:
XPSExport output_file.xml -xo object_id -npass -vT -l log_file
XPSExport c:/shared/agent_export1.xml -xo CA.SM::Agent@01-84ba3672-ac33-41b2-ace5-97e1cf5bfe07 -npass -vT -l c:/shared/export_aget1.log
XID is CA.SM::Agent@01-84ba3672-ac33-41b2-ace5-97e1cf5bfe07
So how do you find the XIDs? Using XPSExplorer.
First set the Siteminder path in the environment variables, so that you can run the Siteminder Policy Server tool commands from any path.
XPSExplorer
Used to explore the policy store objects and find their XIDs.
XCart: XCart allows you to save object XIDs in a file so that the objects can be exported using XPSExport.
XPSExplorer shows you 4 different sections:
- CDS – Certificate Data Store
- EPM – Enterprise Policy Management
- FED – Federation
- SM – Siteminder Objects
Example of how to find an object's XID, save that object to a file using XCart, and export the object using XPSExport.
Log in to the Policy Server and open a command prompt.
C:\Users\Administrator>XPSExplorer
[XPSExplorer - XPS Version 12.51.0000.905]
Log output: XPSExplorer.2014-02-21_140049.log
(WARN) : [sm-xpsxps-03500] CA.SPS: No product library.
MAIN MENU*******************************************************************
CA (Vendor)                         85- AgentType*
CDS (Product)                       86- AgentTypeAttr
3- Certificate*                     87- AuthAzMap*
4- CRLRevocationData*               88- AuthScheme*
5- OCSPRevocationData*              89- AuthValidateMap*
EPM (Product)                       90- AzIdentityMappingEntry
7- Application*                     91- CertMap*
8- ApplicationGroup*                92- ConfigParameter*
9- AttributeMapping                 93- ConfigParametersWithRule*
10- CapabilityGroup                 94- Domain*
11- LDAPUserDirectory               95- GlobalDomain
12- ODBCQuery                       96- GlobalPolicy
13- ODBCUserDirectory               97- GlobalPolicyLink
14- ResponseConstraint              98- GlobalRealm
15- Role                            99- GlobalResponse
FED (Product)                       100- GlobalResponseAttr
17- ArtResService*                  101- GlobalResponseGroup
18- AssConService*                  102- GlobalRule
19- AttributeAuthorityConfig*       103- GlobalRuleGroup
20- AttributeMapping*               104- GlobalUserPolicy
21- AttributeRequesterConfig*       105- GlobalVariable
22- AttributeService*               106- HostConfig*
23- AttributeSource*                107- IdentityMapping
24- AuthnContextMapping*            108- IdentityMappingEntry
25- AuthnContextTemplate*           109- ODBCQuery*
26- BackchannelConfig*              110- PasswordPolicy*
27- Certificate*                    111- Policy
28- ContactPerson*                  112- PolicyLink
29- EncryptionConfig*               113- Realm
30- Endpoint*                       114- RegularExpr
31- GlobalConfig*                   115- ResourcePartnerUsers
32- IdPBase*                        116- Response
33- IdPLocal                        117- ResponseAttr
34- IdPPartnership                  118- ResponseGroup
35- IdPRemote                       119- RootConfig*
36- MetadataExchangeConfig*         120- Rule
37- NameIDConfig*                   121- RuleGroup
38- OpenCookieConfig*               122- SAMLAffiliation*
39- Organization*                   123- SAMLv1IdP
40- PartnershipBase*                124- SAMLv1SP
41- PhysicalAttributeMapping*       125- SAMLv2IdP
42- SAML1xAssnConService*           126- SAMLv2SP
43- SAML1xAssnRetrService*          127- SelfReg*
44- SAML1xAttribute*                128- ServiceProviderUsers
45- SAML1xConsToProdPartnership     129- SharedSecretPolicy*
46- SAML1xConsumerLocal             130- STSEndpoint
47- SAML1xConsumerRemote            131- STSRelyingParty
48- SAML1xEntityBase*               132- STSUsers
49- SAML1xPartnershipBase*          133- STSWebService*
50- SAML1xProdToConsPartnership     134- TrustedHost*
51- SAML1xProducerLocal             135- UserDirectory*
52- SAML1xProducerRemote            136- UserPolicy
53- SAML1xSSOService*               137- ValidateIdentityMappingEntry
54- SAML2Attribute*                 138- Variable
55- SiteMinderConnector*            139- VariableType*
56- SLOService*                     140- WSFEDIdP
57- SPBase*                         141- WSFEDSP
58- SPLocal                         142- WSSecurityIdP
59- SPPartnership                   143- XMLDCCIdP
60- SPRemote                        144- XMLDSigIdP
61- SSOService*                     SPS (Product)
62- StandaloneStoreVersion*         146- AgentConfiguration
63- StatusRedirects*                147- ApacheConfiguration
64- UserMapping*                    148- ErrorMessages
65- WSFEDEntityBase*                149- HttpClientLoggingProperties
66- WSFEDIPLocal                    150- LoggerProperties
67- WSFEDIPRemote                   151- MetricReporter
68- WSFEDIPToRPPartnership          152- ProxyConfiguration
69- WSFEDPartnershipBase*           153- ProxyFilter
70- WSFEDPassiveRequestorEndpoint*  154- ProxyFilterGroup
71- WSFEDRPLocal                    155- ProxyRules
72- WSFEDRPRemote                   156- ProxyServer*
73- WSFEDRPToIPPartnership          157- ProxyServerGroup*
74- WSFEDSecurityTokenConsSvc*      158- SessionScheme
75- WSFEDSignoutEndpoint*           159- SessionSchemeMapping
SM (Product)                        160- SPSConfiguration
77- Admin*                          161- UserAgent
78- AffiliateDomain                 162- VirtualHost
79- AffiliateUsers                  163- VirtualHostSettings
80- Agent*                          XPS (Product)
81- Agent4x                         165- CounterValue*
82- AgentConfig*                    166- Expression*
83- AgentGroup*                     167- ExtractManifest
84- AgentInstance*                  168- ExtractManifestEntry
* indicates object types that can be granularly exported.
-------------------------------------------------------------------
F - Find by XID or RID
B - Begin Transaction
X - XCart Management (0 item(s))
P - Synchronize with Policy Server (if running)
Q - Quit
-------------------------------------------------------------------
Enter the number "80" for Agent from SM, since we are going to export an Agent object.
Enter Option (#,F,B,X,P, or Q): 80
CLASS MENU****************************************************************#3
Class: Agent [CA.SM::Agent]
SiteMinder Type: 1
Export Group: Environmental
Import Type: Add
Category: Dictionary (1)
Data Category: Object Store (2)
-------------------------------------------------------------------
A - List 4 Attributes
L - List 10 Links
E - Show single extension Class
N - Create a New instance of this class
F - Find an object by XID or RID
S - Search objects
Q - Quit
-------------------------------------------------------------------
To list all Agent objects, select S.
Enter Option (ALENFSQ): S
SEARCH MENU***************************************************** CA.SM::Agent
There are 2 objects in the result.
* 1-CA.SM::Agent@01-5d1c3383-dc89-46da-8ba5-08f18765cc28
(I) Name :"webone_agent"
(C) Desc :"Weone Apache agent"
2-CA.SM::Agent@01-84ba3672-ac33-41b2-ace5-97e1cf5bfe07
(I) Name :"websphere_agent"
(C) Desc :"Websphere Application Server Agent"
* indicates that the object is in the XCart.
-------------------------------------------------------------------
+ - Add attribute to Sort (ascending)
- - Add attribute to Sort (descending)
B - Build Filter
X - Add all to XCart (using mode: DEFAULT)
Y - Remove all from XCart
M - Change XCart Add Mode
Q - Quit
------------------------------------------------------------------
Enter Option (#,+,-,B,X,Y,M,Q):
The search result above lists all Agents configured in the Policy Server, with their XIDs, as seen in the Admin Console.
Now that we know the Agent XIDs, we can go back, find the Agent object we want to export by its XID, and add the object to the XCart.
CLASS MENU****************************************************************#3
Class: Agent [CA.SM::Agent]
SiteMinder Type: 1
Export Group: Environmental
Import Type: Add
Category: Dictionary (1)
Data Category: Object Store (2)
-------------------------------------------------------------------
A - List 4 Attributes
L - List 10 Links
E - Show single extension Class
N - Create a New instance of this class
F - Find an object by XID or RID
S - Search objects
Q - Quit
-------------------------------------------------------------------
Enter Option (ALENFSQ): F
Paste the XID of the object you identified above in the search result.
Record (blank to exit):Agent@01-84ba3672-ac33-41b2-ace5-97e1cf5bfe07
OBJECT MENU************************************************************#3191
------------------------- Object Meta Data ------------------------
XID: CA.SM::Agent@01-84ba3672-ac33-41b2-ace5-97e1cf5bfe07
Actual Class: CA.SM::Agent
Base Class: CA.SM::Agent
In Cache: yes 3 Created: 2013-12-12 03:22:12 GMT
By: siteminder (via GUI)
---------- Attributes from CA.SM::AgentDisplay Meta Data ----------
AgentTypeLink =CA.SM::AgentType@10-8d78bb96-ae15-11d1-9cdd-006008aac24b
Desc ="Websphere Application Server Agent"
Name ="websphere_agent"
RealmHintAttrId = 0
------------------ Attributes from CA.SM::Agent4x -----------------
IpAddr
Secret
-------------------------------------------------------------------
M - Display Meta Data
J - Display Joined Attribute value
L - Display Links
R - Display Related records (13 types)
P - Polymorph object (3 classes)
W - Get writable copy
D - Delete Object
A - List 6 Attributes
X - Add to XCart (use Mode: DEFAULT)
+ - Change XCart Mode
Q - Quit
-------------------------------------------------------------------
Enter Option (MJLRPWDAX+Q): X (this adds the object to the XCart)
You have added the object to the XCart. Now quit back to the Main Menu and select X to save your changes to a file.
MAIN MENU*******************************************************************
-------------------------------------------------------------------
F - Find by XID or RID
B - Begin Transaction
X - XCart Management (1 item(s)) - UNSAVED
P - Synchronize with Policy Server (if running)
Q - Quit
-------------------------------------------------------------------
Enter Option (#,F,B,X,P, or Q): X
XCart MENU***********************************************************Unsaved
There is 1 object in the cart
1-CA.SM::Agent@01-84ba3672-ac33-41b2-ace5-97e1cf5bfe07
Import mode: DEFAULT
(I) Name : "websphere_agent"
(C) Desc : "Websphere Application Server Agent"
-------------------------------------------------------------------
L - Load cart from file.
S - Save cart to file (c:/shared/test_xcart)
M - Load cart from an ExtractManifest
N - Save cart to a new file.
T - Save cart to a new ExtractManifest.
A - Set import mode to ADD.
O - Set import mode to OVERLAY.
R - Set import mode to REPLACE.
D - Set import mode to default.
Z Clear the cart
Q Quit
-----------------------------------------------------------------
Enter Option (L.S,M,N,T,A,O,R,D,Z or Q): S
File saved.
XCart MENU*************************************************************saved
There is 1 object in the cart
1-CA.SM::Agent@01-84ba3672-ac33-41b2-ace5-97e1cf5bfe07
Import mode: DEFAULT
(I) Name : "websphere_agent"
(C) Desc : "Websphere Application Server Agent"
-------------------------------------------------------------------
L - Load cart from file.
S - Save cart to file (c:/shared/test_xcart)
M - Load cart from an ExtractManifest
N - Save cart to a new file.
T - Save cart to a new ExtractManifest.
A - Set import mode to ADD.
O - Set import mode to OVERLAY.
R - Set import mode to REPLACE.
D - Set import mode to default.
Z Clear the cart
Q Quit
Enter Option (L.S,M,N,T,A,O,R,D,Z or Q): Q
Below is the content of the saved file.
The file: test_xcart
# Type: CA.SM::Agent
# (I) Name : "websphere_agent"
# (C) Desc : "Websphere Application Server Agent"
CA.SM::Agent@01-84ba3672-ac33-41b2-ace5-97e1cf5bfe07
So what we have done so far is:
- Used XPSExplorer to find the XID of the object
- Selected the object
- Added the object to the XCart using its XID
- Saved the XCart content to the file c:/shared/test_xcart
Now take an export of the object using XPSExport:
C:\Users\Administrator>XPSExport c:/shared/agent_export.xml -xf c:/shared/test_xcart -npass -vT -l c:/shared/export_aget.log
[XPSExport - XPS Version 12.51.0000.905]
Log output: c:/shared/export_aget.log
Initializing XPS, please wait...
(INFO) : [sm-xpsxps-00120] Initializing XPS Version 12.51.0000.905
(INFO) : [sm-xpsxps-01160] LDAP Provider Info String = CA Directory
(INFO) : [sm-xpsxps-01120] LDAP Provider Version: supportedLdapVersion = 3
(INFO) : [sm-xpsxps-01120] LDAP Provider Version: dxServerVersion = DXserver r12.0 SP12 (build 7338) Windows_NT/DXgrid 32-Bit
(INFO) : [sm-xpsxps-00560] Database Transactions are 0.
(INFO) : [sm-xpsxps-00300] 1 Parameter(s) loaded from Policy Store, 1 total.
(INFO) : [sm-xpsxps-00330] Caching Policy Data...
(WARN) : [sm-xpsxps-03500] CA.SPS: No product library.
(INFO) : [sm-xpsxps-00310] 3223 object(s) loaded from the Policy Store.
(INFO) : [sm-xpsxps-00430] Policy Store ID is "acb8bc84-5b1a-46b9-8942-e10e80f2b7a9".
(INFO) : [sm-xpsxps-06870] XPS Auditing is enabled.
(INFO) : [sm-xpsxps-03460] No validation warnings will be logged (controlled by CA.XPS::$LogValidationWarnings).
(INFO) : [sm-xpsxps-00150] XPS Initialized. (317, 0, 0)
(INFO) : [sm-xpsxps-00150] XPS Initialized.
(INFO) : [sm-xpsxps-05940] Extract Operation is entering the "Initializing" phase.
Log Time Phase/Section Objects %%age #Err Elapsed
-------- ------------------------ --------------- ----------- -----------------
15:52:12 Initializing
(INFO) : [sm-xpsxps-05940] Extract Operation is entering the "Analyzing" phase.
15:52:12 Analyzing 00:00:00
(INFO) : [sm-xpsxps-05940] Extract Operation is entering the "Reading" phase.
15:52:12 Reading 00:00:00
15:52:12 Reading/Policy Data 32/318 10% 00:00:00 00:00:00
15:52:12 Reading/Policy Data 64/318 20% 00:00:00 00:00:00
15:52:12 Reading/Policy Data 96/318 30% 00:00:00 00:00:00
15:52:12 Reading/Policy Data 128/318 40% 00:00:00 00:00:00
15:52:12 Reading/Policy Data 159/318 50% 00:00:00 00:00:00
15:52:12 Reading/Policy Data 191/318 60% 00:00:00 00:00:00
15:52:12 Reading/Policy Data 223/318 70% 00:00:00 00:00:00
15:52:12 Reading/Policy Data 255/318 80% 00:00:00 00:00:00
15:52:12 Reading/Policy Data 287/318 90% 00:00:00 00:00:00
15:52:12 Reading/Policy Data 318/318 100% 00:00:00 00:00:00
(INFO) : [sm-xpsxps-05940] Extract Operation is entering the "Sorting" phase.
15:52:12 Sorting/Policy Data 00:00:00
15:52:12 Sorting/Policy Data 1/1 100% 00:00:00 00:00:00
(INFO) : [sm-xpsxps-05940] Extract Operation is entering the "Writing" phase.
15:52:12 Writing/Header 00:00:00
15:52:12 Writing/References 1/2 50% 00:00:00 00:00:00
15:52:12 Writing/Policy Data 2/2 100% 00:00:00 00:00:00
15:52:12 Writing/Footer 00:00:00 00:00:00
(INFO) : [sm-xpsxps-05140] Extract complete.
(INFO) : [sm-xpsxps-05500] 0 value reference(s) exported.
(INFO) : [sm-xpsxps-05510] 1 link reference(s) exported.
(INFO) : [sm-xpsxps-05520] 1 policy data object(s) exported.
(INFO) : [sm-xpsxps-05530] 0 configuration parameter(s) exported.
(INFO) : [sm-xpsxps-05540] 0 security object(s) exported.
(INFO) : [sm-xpsxps-05560] Export file is 2079 bytes.
(INFO) : [sm-xpsxps-05940] Extract Operation is entering the "Complete" phase.
15:52:12 Complete 00:00:00
(INFO) : [sm-xpsxps-05140] Extract complete.
Total elapsed time:00:00
File is2,079 bytes.
(INFO) : [sm-xpsxps-00160] Shutting down XPS...
(INFO) : [sm-xpsxps-00170] Shutting down XPS housekeeping...
(INFO) : [sm-xpsxps-00160] Shutting down XPS...
(INFO) : [sm-xpsxps-00210] Releasing SiteMinder object store connection to XPS...
(INFO) : [sm-xpsxps-00180] Releasing XPS configuration cache...
(INFO) : [sm-xpsxps-00240] XPS Shutdown Complete.
C:\Users\Administrator>
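A backup is only useful if the export actually finished, so the log written with -l is worth checking after every run. The following is an added example, not part of the original post or of the CA tooling: it reads the message IDs shown in the output above and compares the counters with what the operator expected. It assumes the log file holds the same messages as the console, one per line; the function names are hypothetical.

```python
import re

# Message IDs taken from the XPSExport output shown above.
COUNTERS = {
    "sm-xpsxps-05500": "value_refs",
    "sm-xpsxps-05510": "link_refs",
    "sm-xpsxps-05520": "policy_objects",
    "sm-xpsxps-05530": "config_params",
    "sm-xpsxps-05540": "security_objects",
    "sm-xpsxps-05560": "file_bytes",
}
# "(LEVEL) : [message-id] text", one message per line (assumed log layout).
LINE_RE = re.compile(r"\((\w+)\)\s*:\s*\[(sm-[a-z]+-\d+)\]\s*(.*)")

def summarize_export_log(log_text):
    """Collect completion status, counters and non-INFO messages from a log."""
    summary = {"complete": False, "warnings": [], "other": []}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # progress rows and banners carry no message ID
        level, msg_id, text = m.groups()
        if level == "WARN":
            summary["warnings"].append(text.strip())
        elif level != "INFO":
            summary["other"].append(f"{level}: {text.strip()}")
        if msg_id == "sm-xpsxps-05140":  # "Extract complete."
            summary["complete"] = True
        elif msg_id in COUNTERS:
            number = re.search(r"\d+", text)
            if number:
                summary[COUNTERS[msg_id]] = int(number.group())
    return summary

def backup_problems(summary, expected_objects, actual_file_bytes):
    """Compare the log summary with what the operator expected to export."""
    problems = []
    if not summary["complete"]:
        problems.append("log has no 'Extract complete' message")
    problems += [f"unexpected message: {m}" for m in summary["other"]]
    exported = summary.get("policy_objects")
    if exported != expected_objects:
        problems.append(f"exported {exported} policy objects, expected {expected_objects}")
    if summary.get("file_bytes") != actual_file_bytes:
        problems.append("file size on disk differs from the size in the log")
    return problems

# Sample log lines copied from the output above (subset).
SAMPLE_LOG = """(WARN) : [sm-xpsxps-03500] CA.SPS: No product library.
(INFO) : [sm-xpsxps-05140] Extract complete.
(INFO) : [sm-xpsxps-05510] 1 link reference(s) exported.
(INFO) : [sm-xpsxps-05520] 1 policy data object(s) exported.
(INFO) : [sm-xpsxps-05560] Export file is 2079 bytes.
"""

if __name__ == "__main__":
    s = summarize_export_log(SAMPLE_LOG)
    # In real use, pass os.path.getsize() of the export file instead of 2079.
    print(s, backup_problems(s, expected_objects=1, actual_file_bytes=2079))
```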
You can also export this object using the method below.
Use XPSExplorer to find the XID of the object to be exported and run the following command:
C:\Users\Administrator>XPSExport c:/shared/agent_export1.xml -xo CA.SM::Agent@01-84ba3672-ac33-41b2-ace5-97e1cf5bfe07 -npass -vT -l c:/shared/export_aget1.log
[XPSExport – XPS Version 12.51.0000.905]
The export is saved in the XML file agent_export1.xml.
The following export modes can be used (the XCart menu labels them import modes):
- DEFAULT: Default mode.
- ADD: Adds new objects; does not replace existing objects.
- OVERLAY: Replaces existing objects; does not add new objects.
- REPLACE: Replaces existing objects and adds new objects.
The test_xcart file:
# Type: CA.SM::Agent
# (I) Name : "websphere_agent"
# (C) Desc : "Websphere Application Server Agent"
CA.SM::Agent@01-84ba3672-ac33-41b2-ace5-97e1cf5bfe07
# Type: CA.SM::AgentConfig
# (I) Name : "WebOne_ACO"
# (C) Desc : "WebOne Apache instance ACO"
ADD=CA.SM::AgentConfig@21-324b775a-725d-4be2-b07b-7ba8409a06a7
# Type: CA.SM::AgentConfig
# (I) Name : "IISDefaultSettings"
OVERLAY=CA.SM::AgentConfig@21-eaf30a03-e8f9-11d5-ba50-0010a4911ff4
So you can either type these keywords manually in the saved file and run the export command, or use XCart to export in any of the four modes, as below.
Go to the Main Menu of XPSExplorer:
* indicates object types that can be granularly exported.
F - Find by XID or RID
B - Begin Transaction
X - XCart Management (2 item(s)) - UNSAVED
P - Synchronize with Policy Server (if running)
Q - Quit
-------------------------------------------------------------------
Enter Option (#,F,B,X,P, or Q): X
XCart MENU***********************************************************Unsaved
There are 2 objects in the cart
1-CA.SM::Agent@01-84ba3672-ac33-41b2-ace5-97e1cf5bfe07
Import mode: DEFAULT
(I) Name : "websphere_agent"
(C) Desc : "Websphere Application Server Agent"
2-CA.SM::AgentConfig@21-324b775a-725d-4be2-b07b-7ba8409a06a7
Import mode: ADD
(I) Name : "WebOne_ACO"
(C) Desc : "WebOne Apache instance ACO"
-------------------------------------------------------------------
L - Load cart from file.
S - Save cart to file (c:/shared/test_xcart)
M - Load cart from an ExtractManifest
N - Save cart to a new file.
T - Save cart to a new ExtractManifest.
A - Set import mode to ADD.
O - Set import mode to OVERLAY.
R - Set import mode to REPLACE.
D - Set import mode to default.
Z Clear the cart
Q Quit
XPSImport
XPSImport performs the following tasks:
- Import the entire policy data.
- Import a portion of the policy data.
- Import configuration data.
>XPSImport Input_file.xml -e log_file
Input_file: specifies the location of the exported XML file
-e: logs errors and exceptions
>XPSImport c:/shared/agent_export.xml -e c:/shared/import_err.log
---------------------------------------------------------------------------------------------------------------------------------------------
Disclaimer: Content posted here worked for me and may not guarantee success, should be used as reference only and please use it cautiously.