PingFederate Server

Importing and deploying administrative console configuration data

On the Configuration Archive window, you can import and deploy administrative-console configuration data from a .zip file.

About this task

When you import and deploy configuration data using the Import tab, PingFederate displays error messages if there are any missing plugin components, such as adapters, database drivers, or token translators, on which the archive depends, or any mismatches of PingFederate licensing authorization. You can choose to force the deployment and then install the missing components later.

Automatic data upgrade

When you import a configuration archive from an older version, PingFederate automatically upgrades the data to be compatible with the current version.

This feature requires two conditions:

  • The enableDataUpgrade parameter in the data-upgrade-handler.xml file is set to true. This parameter is enabled by default.

  • The configuration data archive is from PingFederate version 11.0 or later.

Installation of any missing database drivers or other third-party libraries will require a restart of PingFederate.

Deploying a configuration archive, either manually or by using the administrative console, always overwrites all existing configuration data.

To import and deploy administrative-console configuration data from an archive:

Steps

  1. On the Configuration Archive window’s Import tab, choose the desired configuration archive from your system.

  2. Optional: If you want PingFederate to deploy the archive regardless of whether dependency errors are detected, select the Force Import check box.

    If you enable this feature, consult the server start-up console or the server log for any messages concerning missing plugin components or other errors.

  3. Optional: To re-encrypt imported configuration data, select the Re-encrypt Data check box. PingFederate will re-encrypt sensitive imported information, such as datastore passwords and adapter shared secrets, with the primary configuration encryption key. This is most useful when you don’t want to share configuration encryption keys between the two environments.

    If you re-encrypt an archive, you might lose access to external OAuth clients and runtime state, such as grants or sessions, that were encrypted with keys from the archive. PingFederate will not import configuration encryption keys in the data archive. Also, it will not re-encrypt data stored externally, such as OAuth clients, persistent grants, or persistent sessions in an external datastore.

  4. Click Import.