Symantec Access Management

Dear friends , I am migrating from R1251 to R1252SP1CR5. I have been exporting data with -xb option and import . M Modifying sm.registry  worked great. However, going forward in the new environment I have been using SessionAssurance which requires lot of config, and I dnt  want to recreate all that after XPSImport. In one of my previous closed discussions, Hubert recommended I export with -xp -xe to take only policy data. Hope Hubert see this post as well. I have done that export so I dont overwrte on existing config, however I dont see any federation parnterships or entities. Is there another key with export I need to use?

Hi Anil,

-xp switch should have exported it. How are you verifying the federation objects ? Did you look at the export file itself ?

Tagging our Federation SME to see if they have anything to comment here : SungHoon_Kim @SAU LAI WONG

Hi Ujwol, The export file had SAML entries in it. I just confirmed. But I dont see them in target policy server through adminUI.

However those objects do exist in XPS store on TARGET policy server. I can see them through XPS Explorer. But I cant seem them through adminui. What could be wrong?

Hi Anil,

Could you please try following :

- Run XPSSweeper

- Restart Policy server

hi Ujwol, I am going back to my -xb export and will rerun the Master Key wizard on both policy server and SPS. I will keep you posted on the updates. Hopefully it will go through fine this time.

Hi Anil,

I have tested with R12.52 SP1 release and confirm that the partnerships are missing from the "XPSExport -xp -xe" output, despite all the backing objects (relevant affiliate domain, auth scheme, agent) and entities are exported.

Seems to be a defect to me. Open a support ticket and we can engage SE to look into it.

Thanks Hubert. Created a case(0048315) with support.

Hi Anil,

https://docops.ca.com/ca-single-sign-on-12-52-sp1/en/administrating/policy-server-tools/xpsexport

The -xe and -xp options supersede the -xa option to extract all policy data, except federation related objects. You can also use the -xb option, which lets you backup the entire policy store, including Policy Server location-specific data, such as the policy store location.

Enhancement request has been raised with Product Management , Kindly vote using the below link .

https://communities.ca.com/ideas/235732619

Regards,
Leo Joseph.

Hi Joseph,

How will this be an ER? The objects are visible through XPSExplorer which means the objects were imported successfully but we cannot see the objects through WAMUI. Aren't you thinking that it is a bug? 

The enhancement request talks about a Swithc to export the Fed Objects and it's not mentioning about the imported objects that are not available in WAMUI.

Thanks.

Sankar.

Hi Uma, 

When using the -xe and -xp switch it currently exports all the relevant backing objects for federation like auth scheme, agent etc but is NOT exporting the main Partnership base "domain" object.

So when Anil said it is visible from XPSExplorer he was referring to ONLY the federation backing objects NOT the base object.

So, the enhancement request is to provide a switch which should allow us to export Federation partnership base domain objects including all its backing object.

It is currently available only with -xb switch which I reckon is an overkill.

Cheers,

Ujwol

Hi Sankar,

In this use case, We couldn't export the federation objects.Only option available is to export with -Xb switch. Hence an enhancement request is raised.

Your query is after importing the Federation object its not available in WAMUI . Request you to raise a new thread .

Regards,
Leo Joseph.