1. Using XPSExplorer
command we will find the Domain_ID of Domain which we need to import in target policy server.
Below commands are required to run on Source policy server to make a copy of domain in a file(i.e .xml)
$ pwd
/opt/siteminder/netegrity/bin
$ find XPS*
XPSConfig
XPSCounter
XPSDDInstall
XPSDictionary
XPSEvaluate
XPSExplorer
XPSExport
XPSImport
XPSLicense
XPSRegClient
XPSSweeper
$ ./XPSExplorer
[XPSExplorer - XPS Version 12.5.0000.732]
Log output: XPSExplorer.xxxxxx_073226.log
MAIN MENU *******************************************************************
CA (Vendor) 65- Agent*
CDS (Product) 66- Agent4x
3- Certificate* 67- AgentConfig*
4- CRLRevocationData* 68- AgentGroup*
5- OCSPRevocationData* 69- AgentInstance*
EPM (Product) 70- AgentType*
7- Application* 71- AgentTypeAttr
8- ApplicationGroup* 72- AuthAzMap*
9- AttributeMapping 73- AuthScheme*
10- CapabilityGroup 74- AuthValidateMap*
11- LDAPUserDirectory 75- AzIdentityMappingEntry
12- ODBCQuery 76- CertMap*
13- ODBCUserDirectory 77- ConfigParameter*
14- ResponseConstraint 78- ConfigParametersWithRule*
15- Role 79- Domain*
FED (Product) 80- GlobalDomain
17- ArtResService* 81- GlobalPolicy
18- AssConService* 82- GlobalPolicyLink
19- AttributeMapping* 83- GlobalRealm
20- AttributeSource* 84- GlobalResponse
21- AuthnContextMapping* 85- GlobalResponseAttr
22- AuthnContextTemplate* 86- GlobalResponseGroup
23- BackchannelConfig* 87- GlobalRule
24- Certificate* 88- GlobalRuleGroup
25- ContactPerson* 89- GlobalUserPolicy
26- EncryptionConfig* 90- GlobalVariable
27- Endpoint* 91- HostConfig*
28- GlobalConfig* 92- IdentityMapping
29- IdPBase* 93- IdentityMappingEntry
30- IdPLocal 94- ODBCQuery*
31- IdPPartnership 95- PasswordPolicy*
32- IdPRemote 96- Policy
33- NameIDConfig* 97- PolicyLink
34- OpenCookieConfig* 98- Realm
35- Organization* 99- RegularExpr
36- PartnershipBase* 100- ResourcePartnerUsers
37- PhysicalAttributeMapping* 101- Response
38- SAML1xAssnConService* 102- ResponseAttr
39- SAML1xAssnRetrService* 103- ResponseGroup
40- SAML1xAttribute* 104- RootConfig*
41- SAML1xConsToProdPartnership 105- Rule
42- SAML1xConsumerLocal 106- RuleGroup
43- SAML1xConsumerRemote 107- SAMLAffiliation*
44- SAML1xEntityBase* 108- SAMLv1IdP
45- SAML1xPartnershipBase* 109- SAMLv1SP
46- SAML1xProdToConsPartnership 110- SAMLv2IdP
47- SAML1xProducerLocal 111- SAMLv2SP
48- SAML1xProducerRemote 112- SelfReg*
49- SAML1xSSOService* 113- ServiceProviderUsers
50- SAML2Attribute* 114- SharedSecretPolicy*
51- SiteMinderConnector* 115- TrustedHost*
52- SLOService* 116- UserDirectory*
53- SPBase* 117- UserPolicy
54- SPLocal 118- ValidateIdentityMappingEntry
55- SPPartnership 119- Variable
56- SPRemote 120- VariableType*
57- SSOService* 121- WSFEDIdP
58- StandaloneStoreVersion* 122- WSFEDSP
59- StatusRedirects* XPS (Product)
60- UserMapping* 124- CounterValue*
SM (Product) 125- Expression*
62- Admin* 126- ExtractManifest
63- AffiliateDomain 127- ExtractManifestEntry
64- AffiliateUsers
* indicates object types that can be granularly exported.
-------------------------------------------------------------------
F - Find by XID or RID
B - Begin Transaction
X - XCart Management (0 items)
P - Synchronize with Policy Server (if running)
Q - Quit
-------------------------------------------------------------------
Enter Option (#,F,B,X,P, or Q): 79
CLASS MENU *************************************************************** #11
Class: Domain [CA.SM::Domain]
SiteMinder Type: 3
Export Group: Policy
Import Type: Replace
Category: Dictionary (1)
Data Category: Object Store (2)
-------------------------------------------------------------------
A - List 7 Attributes
L - List 7 Links
C - List 10 child Classes
E - List 3 extension Classes
N - Create a New instance of this class
F - Find an object by XID or RID
S - Search objects
Q - Quit
-------------------------------------------------------------------
Enter Option (ALCENFSQ): S
After providing the option "S" it will show you the no.of domains which exist on the source policy server like below.
34-CA.SM::Domain@03-00016817-2434-1e83-84c7-33c2a7edff3b
(I) Name : "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
(C) Desc : "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
35-CA.SM::Domain@03-0007d915-f793-1ed5-8710-83d2a7edff3b
(I) Name : "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
(C) Desc : "xxxxxxxxxxxxxxxxxxxxxxxxxn"
36-CA.SM::Domain@03-00014282-f54a-1062-aeb4-833224c9ff3b
(I) Name : "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
(C) Desc : "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
So the highlighed blue line become the Domain_ID
2. Run XPSExport
command to export the domain in a file(ex .xml)
./XPSExport filename -xo-overlay Domain_ID –npass (if
domain exists on the target server)
./XPSExport filename -xo-add Domain_ID –npass (if
domain doesn’t exists on the target server)
Eg. ./XPSExport
Something_you_like.xml -xo-overlay CA.SM::Domain@03-00014282-f54a-1062-aeb4-833224a9ff3b -npass
3. Run XPSImport
command
on target server
Copy the file which we have created in the step2 on SourcePolicyServer to TargetPolicyServer on /tmp
Path: /opt/siteminder/netegrity/bin
./XPSImport filename –npass
Eg, ./XPSImport /tmp/Something_you_like.xml –npass
So, we are finished here with the domain import from Source to Destination policy server.
Same way we can use below command to import policies import.
./SiteminderPoliciesImport.sh
filename
Please feel free to contact me if any help required regarding.