Access Management 7.3.2

Import and export policies

You can import and export policies to and from files.

You can use these files to back up policies, transfer policies between AM instances, or store policy configuration in a version control system such as Git or Subversion.

AM supports exporting policies in JSON and eXtensible Access Control Markup Language (XACML) Version 3.0 format.

Comparison of policy import/export formats

| Feature | Supported for JSON? | Supported for XACML? |
|---|---|---|
| Can be imported/exported from within the AM admin UI? | No | Yes |
| Can be imported/exported on the command line, using the ssoadm command? | Yes | Yes |
| Exports policies? | Yes | Yes |
| Exports policy sets? | Yes | Partial(1) |
| Exports resource types? | Yes | Partial |
| Creates an exact copy of the original policy sets, resource types, and policies upon import? | Yes | Partial(2) |

(1) Only the details of policy sets and resource types that are actually used within a policy are exported to the XACML format. The full definition is not exported.

(2) Policy sets and resource types will be generated from the details in the XML, but may not match the definitions of the originals. For example, the names are auto-generated.

AM can only import XACML 3.0 files that were either created by an AM instance, or that have had minor manual modifications, due to the reuse of some XACML 3.0 parameters for non-standard information.


Export policies in JSON format (ssoadm)

  1. Use the ssoadm policy-export command:

    $ ssoadm \
      policy-export \
      --realm "/" \
      --servername "https://openam.example.com:8443/openam" \
      --jsonfile "myPolicies.json" \
      --adminid uid=amAdmin,ou=People,dc=openam,dc=forgerock,dc=org \
      --password-file /tmp/pwd.txt
    {
      "RESOURCE_TYPE" : 1,
      "POLICY" : 1,
      "APPLICATION" : 1
    }

    If exporting from a subrealm, include the top-level realm (/) in the --realm value. For example, --realm "/myRealm".

    For more information on the syntax of this command, see ssoadm policy-export.

Import policies in JSON format (ssoadm)

  1. Use the ssoadm policy-import command:

    $ ssoadm \
      policy-import \
      --realm "/myRealm" \
      --servername "https://openam.example.com:8443/openam" \
      --jsonfile "myPolicies.json" \
      --adminid uid=amAdmin,ou=People,dc=openam,dc=forgerock,dc=org \
      --password-file /tmp/pwd.txt
    {
      "POLICY" : {
        "CREATE_SUCCESS" : {
          "count" : 1
        }
      },
      "RESOURCE_TYPE" : {
        "CREATE_SUCCESS" : {
          "count" : 1
        }
      },
      "APPLICATION" : {
        "CREATE_SUCCESS" : {
          "count" : 1
        }
      }
    }

    If importing to a subrealm, include the top-level realm (/) in the --realm value. For example, --realm "/myRealm".

    For more information on the syntax of this command, see ssoadm policy-import.
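When policies are transferred between AM instances, the export summary and the import summary shown above can be reconciled to confirm that nothing was dropped. The following is an added example, not part of the AM documentation or tooling: the function name `reconcile` is hypothetical, the input is the two JSON summaries captured as text, and any status other than `CREATE_SUCCESS` is reported for review because that is the only status this page shows.

```python
import json

# Constructed sample input: the two JSON summaries shown in the examples above.
EXPORT_SUMMARY = '{"RESOURCE_TYPE": 1, "POLICY": 1, "APPLICATION": 1}'
IMPORT_SUMMARY = """
{
  "POLICY": {"CREATE_SUCCESS": {"count": 1}},
  "RESOURCE_TYPE": {"CREATE_SUCCESS": {"count": 1}},
  "APPLICATION": {"CREATE_SUCCESS": {"count": 1}}
}
"""


def reconcile(export_text, import_text, expected_status="CREATE_SUCCESS"):
    """Compare a policy-export summary with a policy-import summary.

    Returns a list of discrepancies; an empty list means every exported
    entity was reported under expected_status on import.
    """
    exported = json.loads(export_text)
    imported = json.loads(import_text)
    problems = []
    # Walk every entity type named in either summary, in a stable order.
    for entity in sorted(set(exported) | set(imported)):
        want = exported.get(entity, 0)
        got = 0
        for status, detail in imported.get(entity, {}).items():
            count = detail.get("count", 0)
            if status == expected_status:
                got += count
            elif count:
                # Assumption: statuses not shown on the page need a human look.
                problems.append(f"{entity}: {count} item(s) reported as {status}")
        if got != want:
            problems.append(
                f"{entity}: exported {want}, {expected_status} count is {got}"
            )
    return problems


if __name__ == "__main__":
    issues = reconcile(EXPORT_SUMMARY, IMPORT_SUMMARY)
    print("clean transfer" if not issues else "\n".join(issues))
```
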