Note:

As of PingFederate 10.2, the configcopy tool has been deprecated and will be removed in a future release.

For migrating data configured with the source server's administrative console, the configcopy tool performs these overall processing steps:

  1. Retrieves specified connection and other configuration data (XML) from a source PingFederate server
  2. Modifies the configuration with any changes required for the target environment, according to settings in one or more properties files, command-line arguments, or both
  3. Imports the updated configuration into the PingFederate target server

The configcopy tool can perform these functions in real time, from server to server, or by using an intermediate file. The latter option is useful when both the source and target PingFederate servers are either not running at the same time or not accessible from the same operating system command window.

Important:

For one-time configuration transfers from one version of PingFederate to a newer version, use a complete configuration archive, either with configcopy archive export/import commands, or manually through the administrative console, or the administrative API. Other configcopy commands are not supported for this purpose.

Operational capabilities include:

  • Listing of source partner connections, adapter or STS token-translator instances, outbound-provisioning channels, or datastore connections.

    List commands include optional filter settings, when applicable.

  • Copying one or more partner connections, outbound-provisioning channels, or instances of adapters or token translators.
  • Copying one or more datastore connections.
  • Copying server settings.
  • Exporting and importing full configuration archives.

Copying configuration files

The configcopy tool supports copying configuration files containing runtime properties, including those needed for server clustering, that might have been manually customized for the source configuration and need to be migrated. The file-copy command can also copy the PingFederate internal, HSQLDB database when needed.

CAUTION:

Use the built-in HSQLDB only for trial or training environments. For testing and production environments, always use a secured external storage solution for proper functioning in a clustered environment.

Testing involving HSQLDB is not a valid test. In both testing and production, it might cause various problems due to its limitations and HSQLDB involved cases are not supported by PingIdentity.

Managing Certificates

Administrators can use the configcopy tool to perform the following certificate-management tasks on the target PingFederate server:

  • List source trusted certificate authorities (CAs) and target key aliases
  • Copy one or all trusted CAs from the source server
  • Create certificates
  • Create Certificate Signing Requests (CSRs)
  • Import CA-signed and PKCS-12 certificates