Migrate Federated Certificate Using Graphman from source Gateway to Target

Article ID: 426422


Products

CA API Gateway

Issue/Introduction

We're trying to manage and update the federated certificate through the Graphman CLI, but we're getting the error below:

Graphman Input request:

{
  "federatedIdps": [
    {
      "name": "some-fip",
      "supportsSAML": false,
      "supportsX509": true,
      "trustedCerts": [
        {
          "name": "apigateway.example.com",
          "thumbprintSha1": "c1234567897a4e885999d981c69a9a504Edited"
        }
      ]
    }
  ],
  "trustedCerts": [
    {
      "name": "apigateway.example.com",
      "subjectDn": "CN=apigateway.example.com, O= CompanyName, Inc L=Location, ST=State, C=US",
      "thumbprintSha1": "c1234567897a4e885999d981c69a9a504Edited",
      "verifyHostname": false,
      "trustAnchor": false,
      "trustedFor": [
        "SSL",
        "SIGNING_SERVER_CERTS"
      ],
      "revocationCheckPolicyType": "USE_DEFAULT",
      "notBefore": "2025-09-24T20:00:00Z",
      "notAfter": "2026-09-24T19:59:59Z",
      "certBase64": "MII-EDITEDCertValue.............=="
    }
  ]
}


Response:

{
    "data": {
        "setTrustedCerts": {
            "detailedStatus": [
                {
                    "action": "NEW_OR_UPDATE",
                    "status": "CREATED",
                    "source": [
                        {
                            "name": "thumbprintSha1",
                            "value": "c1234567897a4e885999d981c69a9a504Edited"
                        }
                    ],
                    "target": [
                        {
                            "name": "goid",
                            "value": "48264ec1c38f450e3140b37Edited"
                        }
                    ]
                }
            ]
        },
        "setFederatedIdps": {
            "detailedStatus": [
                {
                    "action": "NEW_OR_UPDATE",
                    "status": "ERROR",
                    "description": "Error creating or updating ID_PROVIDER_CONFIG entity, TrustedCert is not found with thumbprintSha1=c1234567897a4e885999d981c69a9a504Edited",
                    "source": [
                        {
                            "name": "name",
                            "value": "some-fip"
                        }
                    ]
                }
            ]
        }
    },
    "errors": [
        {
            "message": "Rolled back the transaction due to errors"
        }
    ]
}

Environment

CA API Gateway 11.1.x

Cause

The error results from the Graphman CLI query/mutation field methods used and the process flow.

Resolution

1. For now, consolidate the federated details using multiple queries.

Retrieve the federated IdPs along with their users and groups:
graphman export --gateway <source> --using federatedIdps --output federatedIdps.json
graphman export --gateway <source> --using federatedUsers --output federatedUsers.json
graphman export --gateway <source> --using federatedGroups --output federatedGroups.json

2. Then combine them into a single bundle:
graphman combine --inputs federatedIdps.json federatedUsers.json federatedGroups.json --output federated.json

3. We now have a single bundle named federated.json containing all the details.
Use it at the target gateway:
graphman import --gateway <target> --input federated.json

That's it. If all goes well, the federated details are successfully migrated from the source gateway to the target.
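
A pre-import check for the bundle from step 2, added here as an example and not part of the original article or of Graphman: it lists every thumbprint under federatedIdps[].trustedCerts[] that has no matching top-level trustedCerts entry, or whose entry disagrees with its certBase64. The function names, the sample bundle and the thumbprint encoding (SHA-1 over the DER bytes, hex or base64) are assumptions.

```python
import base64
import hashlib
import json
import sys


def cert_problem(cert):
    """Return why a trustedCerts entry is inconsistent, or None if thumbprint and cert agree."""
    # Assumption: thumbprintSha1 is SHA-1 over the DER bytes, written as hex or base64.
    raw = "".join((cert.get("certBase64") or "").split())  # tolerate wrapped base64
    try:
        der = base64.b64decode(raw, validate=True)
    except ValueError:
        return "certBase64 is not valid base64"
    digest = hashlib.sha1(der).digest()
    stated = cert.get("thumbprintSha1") or ""
    ok = stated.lower() == digest.hex() or stated == base64.b64encode(digest).decode()
    return None if ok else "thumbprint does not match certBase64"


def check_bundle(bundle):
    """Return (idp_name, thumbprint, problem) for each IdP certificate reference that fails."""
    certs = {c.get("thumbprintSha1"): c for c in bundle.get("trustedCerts", [])}
    findings = []
    for idp in bundle.get("federatedIdps", []):
        for ref in idp.get("trustedCerts", []):
            tp = ref.get("thumbprintSha1")
            problem = cert_problem(certs[tp]) if tp in certs else "no trustedCerts entry in bundle"
            if problem:
                findings.append((idp.get("name"), tp, problem))
    return findings


# Constructed sample: placeholder bytes stand in for a DER certificate.
SAMPLE_DER = b"constructed-placeholder-not-a-real-certificate"
SAMPLE = {
    "federatedIdps": [{"name": "some-fip", "trustedCerts": [
        {"thumbprintSha1": hashlib.sha1(SAMPLE_DER).hexdigest()},
        {"thumbprintSha1": "constructed-unresolved-thumbprint"}]}],
    "trustedCerts": [{"thumbprintSha1": hashlib.sha1(SAMPLE_DER).hexdigest(),
                      "certBase64": base64.b64encode(SAMPLE_DER).decode()}],
}

if __name__ == "__main__":
    bundle = SAMPLE  # checked when no file argument is given
    if len(sys.argv) > 1:  # e.g. federated.json from step 2
        with open(sys.argv[1], encoding="utf-8") as fh:
            bundle = json.load(fh)
    for finding in check_bundle(bundle):
        print(*finding, sep=": ")
```

Run it against federated.json before step 3; an empty result means every certificate reference resolves inside the bundle and matches its certificate data.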