How to back up the SAML configuration in RSA Federated Identity Manager (FIM) 2.0
Originally Published: 2004-09-22
Applies To
Microsoft Windows 2000 SP4
Issue
Resolution
Run the following configtool command:
configtool EXPORTSAMLCONFIG EXPORTSAMLFILEPATH
This reads all the SAML domain objects in the datastore and writes them to the SAML domain object configuration file named by EXPORTSAMLFILEPATH. To see the other operations, navigate to the location of the configtool command and type configtool > help. This writes the help information for the configtool command to a file called help, which can then be reviewed. It details the other operations and parameter options available, with usage examples for the configtool command.
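As an added example (not part of the original article), a POSIX shell wrapper around the export step that keeps the backup usable: it refuses an empty export, restricts the file to its owner, and records a SHA-256 checksum that can be verified before the file is fed back to SETSAMLCONFIG. It assumes configtool is on the PATH (or named by the CONFIGTOOL variable), that GNU sha256sum is available, and uses an arbitrary .cfg extension for the export file.

```shell
#!/bin/sh
# Back up the FIM SAML domain objects with configtool EXPORTSAMLCONFIG.
# Assumptions (not from the article): configtool is on PATH or named by
# $CONFIGTOOL; GNU sha256sum is available; the .cfg extension is arbitrary.
set -eu

CONFIGTOOL="${CONFIGTOOL:-configtool}"

# backup_saml_config BACKUP_DIR
# Exports to BACKUP_DIR/samlconfig-<utc timestamp>.cfg, discards an empty
# export, limits the file to the owner, writes a .sha256 record beside it,
# and prints the export path on success.
backup_saml_config() {
    dir="$1"
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    out="$dir/samlconfig-$stamp.cfg"
    mkdir -p "$dir"
    # umask 077 so the export is never world-readable, even briefly
    (umask 077 && "$CONFIGTOOL" EXPORTSAMLCONFIG "$out" >/dev/null)
    if [ ! -s "$out" ]; then
        echo "export produced no data, not keeping: $out" >&2
        rm -f "$out"
        return 1
    fi
    chmod 600 "$out"
    (cd "$dir" && sha256sum "$(basename "$out")" > "$(basename "$out").sha256")
    printf '%s\n' "$out"
}

# verify_saml_backup FILE
# Recomputes the checksum recorded at backup time; run this before restoring
# the file with configtool SETSAMLCONFIG.
verify_saml_backup() {
    f="$1"
    (cd "$(dirname "$f")" && sha256sum -c --quiet "$(basename "$f").sha256")
}
```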
Notes
Usage: configtool <operation> <arguments>
configtool -f <command file>
configtool -brief
Available operations:
ADDAUTHPROVIDER authenticationDomainName authenticationURL
Description: Adds an AuthenticationProvider domain object to LDAP.
Arguments:
authenticationDomainName - The domain for which authentication services are provided.
authenticationURL - The URL of a servlet that provides basic authentication.
ADDBEAUSER user ID password systempassword
Description: Adds a user to BEA Weblogic embedded LDAP.
Arguments:
user ID - The user ID of the new HTTP basic authentication user.
password - The password that will be assigned to the created HTTP basic authentication user.
systempassword - The system password created during installation.
ADDFULLADMIN userId
Description: adds a Full Access Administrator entry in the RSA branch.
Arguments:
userId - the LDAP user to designate as Full Access Administrator.
ADDLDAP ldapname type server port secureport dnroot userbranch rsabranch accountid [password] [confirmation]
Description: Adds a directory configuration.
Arguments:
ldapname - A friendly name for the directory configuration.
type - Directory type: "activedirectory" or "iplanet", or "weblogic".
server - Fully qualified domain name of the directory server.
port - Port on which the directory server runs.
secureport - Secure directory port.
dnroot - The directory starting point.
userbranch - The RDN of the user data - relative to dnroot.
rsabranch - The RDN of the rsa data - relative to dnroot.
accountid - Account name for the LDAP directory.
[password] - Password for the account. If not specified, the user will be prompted.
[confirmation] - Confirmation of the password.
ADDLDAPFAILOVER ldapname failoverserver failoverport failoversecureport [readonly(true/[false])]
Description: Adds a failover configuration to an existing directory configuration.
Arguments:
ldapname - The friendly name of the main directory server.
failoverserver - The fully qualified domain name of the directory server.
failoverport - The port on which the directory server runs.
failoversecureport - The secure directory port.
[readonly(true/[false])] - Indicates whether or not this failover is read-only, default is false (read-write).
ADDLOCALIDMGR bapsURL cookieHandler user ID password [certStore]
Description: Adds/updates a Local Identity Manager.
Arguments:
bapsURL - The URL of a servlet capable of generating a valid authentication cookie given a SAML artifact.
cookieHandler - The complete class name of Java class that creates valid authentication cookies.
user ID - The user ID of the new HTTP basic authentication user.
password - The password that will be assigned to the created HTTP basic authentication user.
[certStore] - The name of a certificate store used to create a client-side SSL channel to the SOAP responder.
ADDPRIMARYIDMGR aaURL authURL artifactType sourceURI [sourceID]
Description: Adds/updates a Primary Identity Manager.
Arguments:
aaURL - The URL of a servlet capable of generating a SAML artifact given a valid authentication cookie.
authURL - The URL of a servlet capable of generating a valid authentication cookie given the correct parameters.
artifactType - The type of SAML artifact the Primary Identity Manager will create.
sourceURI - The URI of a service that responds to SAML requests.
[sourceID] - The source ID corresponding to the source URI.
ADDSAMLREQUESTCALLER user ID password systempassword
Description: Creates an HTTP basic authentication user allowed access to the SAML SOAP responder.
Arguments:
user ID - The user ID of the new HTTP basic authentication user.
password - The password that will be assigned to the created HTTP basic authentication user.
systempassword - The system password created during installation.
ADDSSLCERTS password rootcert [intermediatecerts]
Description: Adds SSL certificates to the keystore.
Arguments:
password - The password that protects the keystore.
rootcert - Full pathname of the file containing the root cert.
[intermediatecerts...] - Full pathname of the files containing the intermediate certs.
CHANGEKEYSTOREPASSWORD oldkeystorepassword keystorepassword Newkeystorepassword (again)
Description: Resets the RSA Mobile keystore password.
Arguments:
oldkeystorepassword - The current password used to protect the RSA Mobile keystore.
keystorepassword - The password that will be used to protect the RSA Mobile keystore.
Newkeystorepassword (again) - Re-enter the RSA Mobile keystore password.
CHANGESAMLREQUESTERPASSWORD user ID oldpassword password systempassword
Description: Change user (SAML Request Caller) password.
Arguments:
user ID - Name of the user whose password will be changed.
oldpassword - The current password for the user.
password - The new password to set for the user.
systempassword - Application server administrator password.
CONFIGAUTHSERVERSSL privatekeyfile privatekeypassword certfile cacertfile
Description: Configures the Authentication Server to use the SSL server certificate.
Arguments:
privatekeyfile - File name and path to the private key package file (should be .pem format).
privatekeypassword - Password used to unlock the private key package file.
certfile - File name and path to the SSL server certificate (should be either .der or .pem format).
cacertfile - File name and path to the CA signer of the SSL server certificate (should be either .der or .pem format).
CONFIGLDAPSSL ldapname password rootcert [intermediatecert1] [intermediatecert2] [intermediatecert3] [intermediatecert4] [intermediatecert5]
Description: Configures ssl connection to LDAP directory.
Arguments:
ldapname - The friendly name for the LDAP directory.
password - Password for protecting the RSA Mobile keystore.
rootcert - Full path to file containing root signer certificate.
[intermediatecert1] - Full path to file containing intermediate certificate #1 (optional).
[intermediatecert2] - Full path to file containing intermediate certificate #2 (optional).
[intermediatecert3] - Full path to file containing intermediate certificate #3 (optional).
[intermediatecert4] - Full path to file containing intermediate certificate #4 (optional).
[intermediatecert5] - Full path to file containing intermediate certificate #5 (optional).
CREATEMS managedserverhostname clusterdnsname clustermulticastaddress password
Description: Create Managed Server package.
Arguments:
managedserverhostname - (Required) Managed server host name.
clusterdnsname - (Required) Registered DNS name of the cluster.
clustermulticastaddress - Multicast IP address reserved for the use of the cluster.
password - (Required) Password to protect secrets.
DEFINESERVER serverName serverDNS serverPort serverSSLPort systempassword
Description: Defines a new instance of the SAML runtime servlets.
Arguments:
serverName - The name of the server hosting the SAML runtime servlets.
serverDNS - The fully-qualified DNS name of the server hosting the SAML runtime servlets.
serverPort - The managed server port of the server hosting the SAML runtime servlets.
serverSSLPort - The managed server SSL port of the server hosting the SAML runtime servlets.
systempassword - The system password created during installation.
DEPLOYDATA ldapname
Description: Deploys the initial configuration data.
Arguments:
ldapname - Friendly name for the LDAP directory.
DESIGNATEADMINSERVER
Description: Designate a managed server to become an administration server.
Arguments:
DISABLELDAPSSL ldapname
Description: Disables SSL connections to LDAP directory.
Arguments:
ldapname - The friendly name for the LDAP directory.
ENABLELDAPSSL ldapname
Description: Enables SSL connections to LDAP directory.
Arguments:
ldapname - Friendly name for the LDAP directory.
EXPORTSAMLCONFIG EXPORTSAMLFILEPATH
Description: Read all the SAML domain objects in the datastore and output them as a SAML domain object configuration file.
Arguments:
EXPORTSAMLFILEPATH - This is the path and filename of the SAML domain object export file.
EXPORTSECRETS password filename
Description: export secrets.
Arguments:
password - Password for protecting the secrets.
filename - The name of the file in which to store the protected secrets.
GENCERTREQ hostname countryname email organizationalunitname organizationname locality state privatekeyfile privatekeysize privatekeypassword requestfile
Description: Generates a PKCS#10 certificate request for WebLogic client-server SSL.
Arguments:
hostname - Fully qualified host name for which the request will be generated.
countryname - Two-letter country code.
email - Email address of the administrator.
organizationalunitname - Organizational unit name.
organizationname - Organization name.
locality - Locality (city, town, township, ...).
state - State name.
privatekeyfile - The full pathname of the file that will contain the private key. The file must have a .pem extension.
privatekeysize - Size of the private key (512, 768, or 1024) to be generated.
privatekeypassword - Password that protects the private key.
requestfile - Full pathname of the file that will contain the certificate request.
GENLDIF ldapname
Description: Generates a schema LDIF file for the named directory configuration.
Arguments:
ldapname - The friendly name of the LDAP directory.
IMPORTSECRETS password filename
Description: import secrets.
Arguments:
password - Password to unlock the secrets.
filename - Name of the file that contains the secrets.
INSTALLMS zipfilename password
Description: Install Managed Server package.
Arguments:
zipfilename - (Required) Package full file name.
password - (Required) Password to protect secrets.
INSTALLSERVICE systempassword systempassword (again) servertype [keystorepassword] [privatekeypassword] [ctkeystorepassword]
Description: (Windows) Installs the RSA Mobile service.
Arguments:
systempassword - The system password created during installation.
systempassword (again) - Re-enter the system password.
servertype - Possible values: managed | admin.
[keystorepassword] - The password that will be used to protect the RSA Mobile keystore.
[privatekeypassword] - The password used to unlock the private key file for SSL between Identity Manager and Authentication Server.
[ctkeystorepassword] - The password that will be used to protect the Cleartrust keystore.
MAPIDMGR ssoDomainName bapsURL aaURL
Description: Adds/updates a mapping between a Local Identity Manager and a Primary Identity Manager.
Arguments:
ssoDomainName - The domain for which the Identity Manager mapping will be used.
bapsURL - The URL of a servlet capable of generating a valid authentication cookie given a SAML artifact.
aaURL - The URL of a servlet capable of generating a SAML artifact given a valid authentication cookie.
MAPLDAP ldapname objectclass firstname lastname fullname userId email cell suspended bindingattribute
Description: Maps RSA user attributes to directory attributes.
Arguments:
ldapname - Name of primary directory server.
objectclass - The LDAP objectclass representing user data.
firstname - The LDAP attribute corresponding to first name.
lastname - The LDAP attribute corresponding to last name.
fullname - The LDAP attribute corresponding to full name.
userId - The LDAP attribute corresponding to user id.
email - The LDAP attribute corresponding to email address.
cell - The LDAP attribute corresponding to customer cell phone.
suspended - The LDAP attribute corresponding to whether a customer record is suspended or not.
bindingattribute - The LDAP binding attribute - must be one of the mapped attributes.
PROTECTADMINCONSOLE userId password hostName portNumber SSLPortNumber [authprovider(true/[false])]
Description: add this administration console on the given host to be protected.
Arguments:
userId - username to use for ldap update.
password - password for username.
hostName - fully qualified host name (e.g. def.xyz.com).
portNumber - port number (e.g. 7001).
SSLPortNumber - SSL port number (e.g. 7002).
[authprovider(true/[false])] - configure this ID Manager as the Authentication Provider for its IP domain (default value is false).
REMOVEFULLADMIN userId
Description: Removes a full access administrator entry in the RSA branch.
Arguments:
userId - the LDAP user designated as full access administrator.
RMVAUTHPROVIDER authenticationDomainName
Description: removes an AuthenticationProvider domain object from LDAP.
Arguments:
authenticationDomainName - the domain for which authentication services are provided.
RMVIDMGRMAPPING ssoDomainName [ssoRemoveAll]
Description: Removes the mapping between a Local Identity Manager and a Primary Identity Manager.
Arguments:
ssoDomainName - The domain for which the Identity Manager mapping will be used.
[ssoRemoveAll] - whether to delete the primary and the local Identity Managers (true/[false]).
RMVLDAPFAILOVER ldapname failoverserver [failoverport]
Description: Removes a failover configuration from an existing directory configuration on the specified port, or on all ports if <failoverport> is not specified.
Arguments:
ldapname - The friendly name of the main directory server.
failoverserver - The fully qualified domain name of the directory server.
[failoverport] - The port on which the directory server runs.
RMVLOCALIDMGR bapsURL
Description: Removes a Local Identity Manager.
Arguments:
bapsURL - The URL of a servlet capable of generating a valid authentication cookie given a SAML artifact.
RMVPRIMARYIDMGR aaURL
Description: Removes a Primary Identity Manager.
Arguments:
aaURL - The URL of a servlet capable of generating a SAML artifact given a valid authentication cookie.
SETAUTHENTICATIONURL userId password authenticationhost authenticationport
Description: Set authentication url.
Arguments:
userId - Username to use for ldap update.
password - Password for username.
authenticationhost - (Required) the full name of host that provides basic authentication.
authenticationport - (Required) the port number of the authentication service.
SETLICENSE licensekey
Description: Adds a license.
Arguments:
licensekey - A valid license key.
SETSAMLCONFIG SAMLCONFIGFILEPATH
Description: Completely configure the SAML domain objects based on a SAML domain object configuration file.
Arguments:
SAMLCONFIGFILEPATH - This is the path and filename of the SAML domain object configuration file.
SHOWAUTHENTICATIONURL userId password
Description: Show authentication url.
Arguments:
userId - Username to use for login.
password - Password for username.
UNINSTALLSERVICE servertype
Description: (Windows) Uninstalls the RSA Mobile service.
Arguments:
servertype - Possible values: managed | admin.
UPDATEVERSIONPATCH userId password
Description: Sets the kit version and patch version in the LDAP.
Arguments:
userId - Username to use for ldap update.
password - Password for username.
USERCONFIG userId password operation filename [-rsamobile] [-stoponerror]
Description: Enables/Disables users for authentication and registers users for RSA Mobile.
Arguments:
userId - Username to use for LDAP update.
password - Password for username.
operation - (Required) Whether user authentication is to be enabled or disabled (-enabled | -disabled) .
filename - (Required) The file containing the comma separated list of user information in the form:
userId,PIN,cellPhoneNumber,operatorKey.
[-rsamobile] - (Optional) Indicates that the user should be registered for RSA Mobile authentication.
[-stoponerror] - (Optional) Specifies that the utility will stop processing when an error occurs.