31.6.5 Post-Import Configuration Tasks

After importing Identity Server and Access Gateway configuration data, you must perform configurations that are specific to the target system and that are not part of the exported data.

Tasks after importing Identity Server configuration data

  • After the import process is complete, the system displays a list of certificates that you need to create or import manually and apply. Code Promotion imports Identity Server key stores, but you must create the certificates referenced in them on the server where you have imported the configuration data.

    • To create certificates, go to Security > Certificates. For more information about how to create certificates, see Section 15.0, Creating Certificates.

    • The name of each new certificate must exactly match the name listed.

    • Update Identity Server devices in the modified clusters. Go to Troubleshooting > Certificates and click Re-push certificates, and then update all devices in the cluster.

  • Configure user stores for the newly added clusters. After the import process is complete, the system displays a list of Identity Server clusters for which you need to configure user stores. Code Promotion creates a placeholder entry for each user store and sets eDirectory as the default user store type. You must enter the IP address, search context, and password for the user stores of the target system. For more information, see Section 4.1.1, Configuring Identity User Stores.

  • For a newly added cluster, you must manually add Identity Server devices to it before the imported configuration can be used.

  • Distribute the policy extension JARs to devices in Administration Console under Policy > Extensions. For more information, see Distributing a Policy Extension.

  • (Conditional) Update service providers with the new metadata. The identity provider certificate is different in the exported and imported systems. Therefore, you must re-import the identity provider metadata to all service providers in that cluster for federation to work. For more information, see Viewing and Reimporting a Trusted Provider’s Metadata.

  • Code Promotion does not import persistent federation identities and shared secrets. These are shared only between the Identity Servers in the exported setup and their service providers. You must configure them on the target server after you import the configuration data.

  • When you add a new node to a cluster and no cache exists, the system takes the customization of any active node in that cluster and applies it to the new node on the target system. Update the list of customization files so that it includes all files from the source setup. Otherwise, the customization already available on the target system is applied to the node.

  • For the User Attribute Retrieval and Transformation feature, after the import process is complete:

    • If a data source entry exists only in staging, Code Promotion creates a new entry in the production environment with placeholder values for its fields. You must enter the user name, password, IP address, port, search context (for LDAP), and URL of the data source.

    • If a data source entry with the same name exists in both staging and production but with a different data source type, the production entry is retained.
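
The "Update service providers with the new metadata" task above says that the identity provider certificate differs between the exported and the imported system, so every service provider's stored copy of the IdP metadata goes stale. The following script is an added example, not code from the Access Manager documentation or product: it extracts the signing certificate from the IDPSSODescriptor of two SAML 2.0 metadata documents (the SP's stored copy and the target IdP's current metadata) and reports whether the SP must re-import. The metadata, entity IDs, hostnames and certificate payloads are constructed for the example; real metadata carries DER certificates in the X509Certificate element, and the same fingerprint comparison applies.

```python
"""Check whether a service provider's stored IdP metadata matches the target IdP.

Added example, not part of the Access Manager documentation or product.
Only the Python standard library is used. Sample metadata is constructed;
the base64 payloads stand in for the DER certificates real metadata carries.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def idp_signing_fingerprints(metadata_xml: str) -> set:
    """Return SHA-256 fingerprints of every IdP signing certificate in the metadata.

    A KeyDescriptor without a 'use' attribute is valid for both signing and
    encryption, so it is included; encryption-only descriptors are skipped.
    """
    root = ET.fromstring(metadata_xml)
    fingerprints = set()
    for key_desc in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if key_desc.get("use") not in (None, "signing"):
            continue
        for cert_el in key_desc.iterfind(".//ds:X509Certificate", NS):
            # Strip the whitespace that pretty-printed metadata wraps around the base64.
            der = base64.b64decode("".join((cert_el.text or "").split()))
            fingerprints.add(hashlib.sha256(der).hexdigest())
    return fingerprints


def metadata_needs_reimport(sp_stored_xml: str, target_idp_xml: str) -> bool:
    """True when the SP's stored copy lacks any signing certificate the target IdP presents."""
    current = idp_signing_fingerprints(target_idp_xml)
    if not current:
        raise ValueError("target IdP metadata contains no signing certificate")
    return not current.issubset(idp_signing_fingerprints(sp_stored_xml))


def _metadata(entity_id: str, cert_b64: str) -> str:
    """Build a minimal, constructed IdP metadata document for the example."""
    return f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="{entity_id}">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {cert_b64}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.com/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


# Constructed inputs (hostnames and entity ID are assumed, not from the page).
STAGING_CERT = base64.b64encode(b"constructed staging IdP signing certificate").decode()
PRODUCTION_CERT = base64.b64encode(b"constructed production IdP signing certificate").decode()
ENTITY_ID = "https://idp.example.com/metadata"
SP_STORED_METADATA = _metadata(ENTITY_ID, STAGING_CERT)      # what the SP still holds
TARGET_IDP_METADATA = _metadata(ENTITY_ID, PRODUCTION_CERT)  # what the imported IdP now serves

if __name__ == "__main__":
    if metadata_needs_reimport(SP_STORED_METADATA, TARGET_IDP_METADATA):
        print("IdP signing certificate changed: re-import the IdP metadata at this SP")
    else:
        print("SP metadata copy already carries the target IdP signing certificate")
```

Run the comparison against each service provider's stored copy of the IdP metadata: a mismatch means federation with that SP will fail until its copy is re-imported, and a match for every SP confirms the post-import step is done.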

Tasks after importing Access Gateway configuration data

  • After the import process is complete, the system displays a list of certificates that you need to create or import manually and apply. Proxy key stores are imported, but you must create the certificates referenced in them on the target system.

    • To create certificates, go to Security > Certificates. For more information about how to create certificates, see Section 15.0, Creating Certificates.

    • The name of each new certificate must exactly match the name listed.

    • Go to Troubleshooting > Certificates to re-push certificates and then update all devices in the cluster.

  • If SSL is enabled between the imported proxy services and the web servers, and you selected to verify the certificate authorities of the web server certificates, then ensure that the web server's trusted roots are added to Access Gateway's proxy trust store.

    Go to Troubleshooting > Certificates to re-push certificates and then update all devices in the cluster.

  • Configure the user store if you have imported a new user store. Configure or edit the user stores for Identity Server clusters associated with the target Access Gateway cluster.

  • Update the following Identity Server dependencies of policies with appropriate Identity Server cluster names and data if any of the policies refer to these:

    • Authentication contract, Liberty user profile, LDAP OU, Roles, LDAP group, credential profile, OAuth scope, and OAuth claims

    • Java data injection modules (these are deprecated)

  • If you have imported the policy extensions, distribute the policy extension JARs to the devices in Administration Console under Policy > Extensions and restart Access Gateway. If you imported policy extensions as part of Device Customization, then only restart Access Gateway.

    For more information, see Distributing a Policy Extension.

  • When you add a new node to a cluster and no cache exists, the system takes the customization of any active node in that cluster and applies it to the new node on the target system. Update the list of customization files so that it includes all files from the source setup. Otherwise, the customization already available on the target system is applied to the node.

  • If the imported Access Gateway components or policies refer to any Identity Server dependency other than contracts, methods, classes, user stores, LDAP attributes, and shared secrets, you must import that dependency manually by using Identity Server Code Promotion.