5.3 Migrating Federation Manager 2 Configuration from Flat Files to Directory Servers

Use the following as your checklist for migrating Federation Manager 2 configuration from flat files to Directory Servers:

To Update the Federation Manager 2 serverconfig.xml File

Go the following directory that contains the serverconfig.xml file:
# cd /var/opt/SUNWam/fm/war_staging/web-src/WEB-INF/config/

Make a backup of the file serverconfig.xml, and then make the following changes in serverconfig.xml:

In the following entry, change the host name and port number attribute values:

<iPlanetDataAccessLayer>
        <ServerGroup name="default" minConnPool="1" maxConnPool="10">
               <Server name="Server1" host="LoadBalancer-7.siroe.com" 
								port="389" type="SIMPLE" />
                <User name="User1" type="proxy">
                        <DirDN>
                                uid=amadmin,ou=people,o=siroe.com

Verify that the following user entries exist in the file:

<User name="User1" type="proxy">
                        <DirDN>
                                uid=amadmin,ou=people,o=siroe.com
                        </DirDN>
                        <DirPassword>
                                AQICGmG7l+gzO6bjmbDBve/MqicBf/zR2I+P
                        </DirPassword>
                </User>
                <User name="User2" type="admin"~
                        <DirDN>
                                uid=amadmin,ou=people,o=siroe.com
                        </DirDN>
                        <DirPassword>
                                AQICGmG7l+gzO6bjmbDBve/MqicBf/zR2I+P
                        </DirPassword>
                </User>

In this deployment example, the proxy user and administrative user have the same DN. In effect, these are the same user. They are both superusers contained in the ou=service branch of the Directory Server. These users have privileges to read, write, and search the Federation Manager configuration. The user amadmin does not exist in the Directory Server at this point.

To Update the Federation Manager 2 AMConfig.properties File

Go to the directory that contains the AMConfig.properties file:
# cd /var/opt/SUNWam/fm/war_staging/web-src/WEB-INF/classes

In AMConfig.properties, set the implementation class for the SM data store.

Make a backup of the AMConfig.properties file, and the set the following property:
com.sun.identity.sm.sms_object_class_name=com.sun.identity.sm.ldap.SMSLdapObject

To Regenerate and Redeploy the Federation Manager 2 WAR File

On the Federation Manager 2 host, run the fmwar command.

#cd /opt/SUNWam/fm/bin
# ./fmwar -n federation -d /var/opt/SUNWam/fm/war_staging -s /export/fmsilent

Undeploy the existing Federation Manager WAR 2 file.
# cd /opt/SUNWwbsvr/bin/https/bin # ./wdeploy delete -u /federation -i FederationManager-2.siroe.com -v https-FederationManager-1.siroe.com -n hard
The —n hard option deletes the directory where Federation Manager is exported as well as the URI. If you use the —n soft option, only the URI is deleted.

Deploy the customized Federation Manager 2 WAR file.
# ./wdeploy deploy -u /federation -i FederationManager-2.siroe.com -v https-FederationManager-2.siroe.com /var/opt/SUNWam/fm/war_staging/federation.war
This WAR file contains all the SAMLv2 configuration and Directory Server configuration you completed in the previous tasks.

Restart the Federation Manager web container.

#cd /opt/SUNWwbsvr/https-FederationManager-2.siroe.com
# ./stop
# ./start

Verify that you can access the Federation Manager 2 server.
1. In a browser, go to the Federation Manager URL:
  http://FederationManager-2.siroe.com:8080/federation/UI/Login
2. Log in to the Federation Manager console:
  
  User Name:
  
  amadmin
  
  Password:
  
  11111111
If you can log in successfully, the WAR file was deployed successfully.