|Applies To||RSA Federated Identity Manager (FIM) 2.6|
RSA Federated Identity Manager (FIM) 2.5
|Issue||Best Practices for backup and restoration of FIM configuration and secrets files|
com.rsa.csf.common.exceptionbase.CsfApplicationException: Problem decrypting the property file
com.rsa.csf.common.exceptionbase.CsfApplicationException: can not get SSVS to access properties file
The FIM managed server does not start.
|Cause|| RSA Federated Identity Manager (FIM) is based on the RSA common server framework (csf) server. In order to protect sensitive security information FIM encrypts information using a key based on several key hardware parameters of the machine where FIM is installed and stored in the rsaappserer\properties\encryptedfields.properties file. The encryption key is based on a combination of the following parameters. |
If any three of the parameters change then the encryption key is no longer valid and FIM will fail to start. This may occur if an operating system patch is applied or memory added, or if the FIM server is moved to a different machine. On Windows systems the password used to start the FIM servers as a windows services is also encrypted using these keys.
Backup of FIM configuration files
In order to ensure that your FIM server can be restored in the case that the encryption keys are lost you should ensure that a backup of encryption keys and SAML configuration is made periodically. A backup should be performed:
1. after the initial installation of FIM
configtool EXPORTSECRETS password filename
Restoration of FIM configuration files
configtool IMPORTSECRETS password filename
|Workaround||The FIM machine was recently upgraded or the server was moved to different hardware.|
|Legacy Article ID||a33457|