Layer7 API Management

  • 1.  GMU identity provider migration mapping problem

    Posted Oct 06, 2016 09:33 AM

    Hello,

     

    I am facing a problem with identity provider mapping.

     

    I have two servers, Dev and UAT. I initially configured the enterprise LDAP as an identity provider during base installation on both instances.

     

    Now, when I try to migrate a policy that authenticates against that LDAP, I am getting:

     

    Error: Property Key=Identity provider Error message "(name)" must be unique

    Can you suggest any override for it?

     

    I have already tried manage mappings but it didn't work.



  • 2.  Re: GMU identity provider migration mapping problem

    Posted Oct 07, 2016 09:33 AM

    Hello,

    Is this the first time you've tried to migrate this service/folder to UAT ?

    If yes, does the ID Provider exist on UAT already, or are you wanting GMU to create it?

     

    Can you post your 'migrateOut/migrateIn' commands and results.xml? It'll help me and others troubleshoot.

     

    Thanks,

     

    Doyle



  • 3.  Re: GMU identity provider migration mapping problem

    Posted Oct 09, 2016 11:43 AM

    Hello Doyle,

     

    Yes, it's the first time I am migrating this service to UAT.

     

    UAT and higher environments are already configured with the same external identity provider.

     

    I don't want GMU to create it for me explicitly.

     

    Here are the migrateIn and migrateOut commands I am using.

     

    migrateOut commands I use in my script:

    TARGET_FILE=$TARGET_ENV/$INTEXT/Service/$SHORTN
    #
    echo "Exporting Service Policy $SHORTN to $TARGET_FILE.xml"
    /opt/SecureSpan/gmu/GatewayMigrationUtility.sh migrateOut --argFile /opt/SecureSpan/gmu/commonargs.props --serviceName "/$INTEXT/$SHORTN" --dest $TARGET_FILE.xml --defaultAction NewOrExisting
    #
    echo "Managing Mappings for Service Policy $TARGET_FILE.xml"
    /opt/SecureSpan/gmu/GatewayMigrationUtility.sh manageMappings --argFile /opt/SecureSpan/gmu/commonargs.props --bundle $TARGET_FILE.xml --type service --action NewOrUpdate
    #
    echo "Templating Service Policy $TARGET_FILE.xml to $TARGET_FILE.properties"
    /opt/SecureSpan/gmu/GatewayMigrationUtility.sh template --argFile /opt/SecureSpan/gmu/commonargs.props --bundle $TARGET_FILE.xml --template $TARGET_FILE.properties

     

    migrateIn command I used:

     

    /opt/SecureSpan/gmu/GatewayMigrationUtility.sh migrateIn --argFile /opt/SecureSpan/gmu/commonargs.props --bundle $TARGET_FILE.xml --template $TARGET_FILE.properties --results results.xml -destFolder / $2 $3

     

     

    Results.xml file 

     

     
    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <l7:Item xmlns:l7="http://ns.l7tech.com/2010/04/gateway-management">
    <l7:Name>Bundle mappings</l7:Name>
    <l7:Type>BUNDLE MAPPINGS</l7:Type>
    <l7:TimeStamp>2016-10-09T17:23:23.283+02:00</l7:TimeStamp>
    <l7:Link rel="self" uri="https://ese0874.ss:9443/restman/1.0/bundle?test=false&activate=true"/>
    <l7:Resource>
    <l7:Mappings>
    <l7:Mapping action="NewOrExisting" errorType="UniqueKeyConflict" srcId="d94910c473027e135cb9318c93f45a0e" srcUri="https://ese0874.ss:9443/restman/1.0/identityProviders/d94910c473027e135cb9318" type="ID_PROVIDER_CONFIG">
    <l7:Properties>
    <l7:Property key="ErrorMessage">
    <l7:StringValue>(name) must be unique</l7:StringValue>
    </l7:Property>
    </l7:Properties>
    </l7:Mapping>
    <l7:Mapping action="NewOrExisting" actionTaken="CreatedNew" srcId="78ba1a30fcca23c5ce92243" srcUri="https://ese0781.ss:9443/restman/1.0/clusterProperties/78ba1a30fcca23c5ce92243" targetId="78ba1a30fcca23c5ce92243" targetUri="https://ese0874.ss:9443/restman/1.0/clusterProperties/78ba1a30fcca23c5ce92f" type="CLUSTER_PROPERTY">
    <l7:Properties>
    <l7:Property key="MapBy">
    <l7:StringValue>name</l7:StringValue>
    </l7:Property>
    </l7:Properties>
    </l7:Mapping>
    <l7:Mapping action="NewOrExisting" actionTaken="UsedExisting" srcId="00000000000002:dev-with aleternative subject name" srcUri="https://ese0781.ss:9443/restman/1.0/privateKeys/00000000000:dev-with%20aleternative%20subject%20name" targetId="00000000000000000000000000000002:dev-with aleternative subject name" targetUri="https://ese0874.ss:9443/restman/1.0/privateKeys/000000000000:dev-with%20aleternative%20subject%20name" type="SSG_KEY_ENTRY"/>
    <l7:Mapping action="NewOrExisting" actionTaken="UsedExisting" srcId="72fbfd7ad86d62e647a42" srcUri="https://ese0781.ss:9443/restman/1.0/folders/72fbfd7ad86d62e647a4a410" targetId="c050a38b2e806e11a8b58e" targetUri="https://ese0874.ss:9443/restman/1.0/folders/c050a38b2e806e1e7ddc6" type="FOLDER">
    <l7:Properties>
    <l7:Property key="FailOnNew">
    <l7:BooleanValue>true</l7:BooleanValue>
    </l7:Property>
    </l7:Properties>
    </l7:Mapping>
    <l7:Mapping action="NewOrUpdate" actionTaken="CreatedNew" srcId="78ba1a30fcca23c5ce92243" srcUri="https://ese0781.ss:9443/restman/1.0/services/78ba1a30fcca23c5ce92243" targetId="78ba1a30fcca23c5ce92243" targetUri="https://ese0874.ss:9443/restman/1.0/services/78ba1a30fcca23c5ce92243" type="SERVICE"/>
    </l7:Mappings>
    </l7:Resource>
    </l7:Item>

     



  • 4.  Re: GMU identity provider migration mapping problem

    Posted Oct 09, 2016 11:18 PM

    You need to use the 'ignore' action to ignore ID_PROVIDER_CONFIG when creating a mappings file for migrateIn; something like:

     

     

    GatewayMigrationUtility.bat manageMappings --argFile <blah> --bundle <blah> --type ID_PROVIDER_CONFIG --action ignore

     

    Then use the resulting mappings file to migrateIn to the higher environment.

     

     



  • 5.  Re: GMU identity provider migration mapping problem

    Posted Oct 10, 2016 07:54 AM

    Hi Apoorva,

     

    As you have created the identity provider on the destination explicitly, it should not be overwritten.

    You need to set the action as ignore for the Identity Provider (type ID_PROVIDER_CONFIG) using manageMappings.

     

    Example:

    shell> GatewayMigrationUtility.sh manageMappings --argFile /opt/SecureSpan/gmu/commonargs.props --bundle $TARGET_FILE.xml --type ID_PROVIDER_CONFIG --action Ignore

     

    With the above command, the action for all identity provider configurations will be set to Ignore, and the migrateIn command will not override the destination values.



  • 6.  Re: GMU identity provider migration mapping problem

    Posted Oct 10, 2016 08:07 AM

    Hello,

     

    As you guys suggested, I made changes in my script as below:

    echo "Managing Mappings for Service Policy $TARGET_FILE.xml"
    /opt/SecureSpan/gmu/GatewayMigrationUtility.sh manageMappings --argFile /opt/SecureSpan/gmu/commonargs.props --bundle $TARGET_FILE.xml --type ID_PROVIDER_CONFIG --action ignore --type service --action NewOrUpdate

    It's working fine for the services configured with an identity provider, but I get a strange message, "Mapping not found", when a service doesn't contain any identity provider.

     

    Managing Mappings for Service Policy DEV/<servicename>.xml
    Running..
    Execution failed. Reason: Mapping not found with type=ID_PROVIDER_CONFIG and srcName=null

    Templating Service Policy DEV/I160520.Int.GetMaterialDocumentFromEristat.xml to DEV/I160520.Int.GetMaterialDocumentFromEristat.properties
    Running.
    Template completed

     

    Can anyone suggest a generic solution for it?



  • 7.  Re: GMU identity provider migration mapping problem

    Posted Oct 10, 2016 11:33 AM

    I believe you'll lose the mapping if you use 'ignore'. You don't want to purely ignore the mapping as something still needs to reference it that you want imported. I think what you want to do is to map identity providers by Name instead of the default, by 'id'. You can accomplish this in your script by including the following manageMappings instruction.

     

    ./gmu.sh manageMappings -b myBundle.xml -t ID_PROVIDER_CONFIG -N

     

    What this instruction does is target all ID providers in the bundle and modify them to map by the name of the ID provider instead of the ID (the ID will be different, as the ID providers were created manually). Make sure the names are identical in each environment.

     

    Hope this helps,

     

    Doyle
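
Added example, not part of the thread and not GMU code: a shell guard for the situation in posts 6 and 7. It runs the ID_PROVIDER_CONFIG step only when the bundle has such a mapping, and lists the failed mappings in a results.xml. The helper names are hypothetical, the sample XML is constructed, and it assumes a bundle carries l7:Mapping elements in the same form as the results.xml in post 3; the manageMappings flags are the ones quoted in post 7.

```shell
#!/bin/sh
# Added example (not GMU code). Helper names are hypothetical.
GMU="${GMU:-/opt/SecureSpan/gmu/GatewayMigrationUtility.sh}"   # path from post 3

# Count <l7:Mapping> elements of one type in a bundle or results file.
# Assumes each Mapping start tag sits on a single line, as in post 3.
count_mappings() {   # $1 = file, $2 = type such as ID_PROVIDER_CONFIG
    grep -o "<l7:Mapping[^>]* type=\"$2\"" "$1" | wc -l | tr -d ' '
}

# Print "TYPE ERRORTYPE" for every mapping migrateIn reported as failed.
failed_mappings() {  # $1 = results.xml
    grep -o '<l7:Mapping[^>]* errorType="[^"]*"[^>]*>' "$1" |
    while IFS= read -r tag; do
        t=$(printf '%s\n' "$tag" | sed 's/.* type="\([^"]*\)".*/\1/')
        e=$(printf '%s\n' "$tag" | sed 's/.* errorType="\([^"]*\)".*/\1/')
        printf '%s %s\n' "$t" "$e"
    done
}

# Map identity providers by name (flags as in post 7), but only when the
# bundle has such a mapping; otherwise skip instead of failing.
map_idp_by_name() {  # $1 = bundle
    if [ "$(count_mappings "$1" ID_PROVIDER_CONFIG)" -gt 0 ]; then
        "$GMU" manageMappings -b "$1" -t ID_PROVIDER_CONFIG -N
    else
        echo "no ID_PROVIDER_CONFIG mapping in $1, skipping" >&2
    fi
}

# Constructed sample in the layout of the results.xml from post 3.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
<l7:Mappings>
<l7:Mapping action="NewOrExisting" errorType="UniqueKeyConflict" srcId="aaaa" type="ID_PROVIDER_CONFIG">
</l7:Mapping>
<l7:Mapping action="NewOrUpdate" actionTaken="CreatedNew" srcId="bbbb" type="SERVICE"/>
</l7:Mappings>
EOF
failed_mappings "$sample"    # ID_PROVIDER_CONFIG UniqueKeyConflict
```

In a migration script, a non-empty result from failed_mappings after migrateIn is a reason to stop before promoting the bundle to the next environment.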