Open the file ...SAMMigration\CertiFlow.Migrate.SAM.exe.config as administrator in a text editor (for example, Notepad) and fill in the following sections:

  • samSettings - SAM data storage connection parameters:
    • MsCAConnectorId - identifier of the connector to Microsoft CA. The value of the parameter can be found in the connector's XML file in the SAM directory. The default value is: {1A30B883-CD69-4cbb-8D61-E72E9697D8B1}.

      Note

      Default path C:\Program Files\SafeNet\Authentication\SAM\x64\Bin\MsCAConnectorDescriptor.xml


    • connectionString - path to the XML file with information for connecting to the SAM server. The file name contains the name of the domain where SAM is deployed.

      Note

      Default path C:\ProgramData\SafeNet\Authentication\SAM\


  • migrateSAMSettings - data migration parameters:
    • ignoreCMCertificateTemplateNotFoundError - card import parameter.
      Two values are possible:
      • true - the card is imported from SAM together with only those certificates on it for which a template has been created in the Axidian CertiFlow policy.
      • false - the card is not imported from SAM if the Axidian CertiFlow policy lacks a template for at least one certificate issued in SAM.

        Note

        In either case, the card import process is not stopped. The attribute is optional; the default value is "false".


    • notIssuedTokenAdminPin - if the card in SAM is in the "registered" state and has never been issued, this parameter specifies the administrator PIN that will be set on the card after it is transferred to Axidian CertiFlow.
    • issuedTokenAdminPin - if the card in SAM is in any other state and was issued without initialization, this parameter specifies the administrator PIN that will be set on the card after it is migrated to Axidian CertiFlow.
    • tokenTypes - a section that should list all cards that need to be migrated from SAM to Axidian CertiFlow. You must specify the card model (token, smart card), product name, card color and ATR (Answer To Reset) value.

      Warning

      The ATR value for each card can be obtained from the manufacturer or with third-party software by contacting Axidian technical support.

      If the CertiFlow.Migrate.SAM.exe utility encounters a card with a model and product name that are not specified in the tokenTypes section, such cards will not be migrated to the CertiFlow storage, and the utility will display the corresponding error.


  • adPersistenceSettings - parameters of the connection to the CertiFlow data repository located in Active Directory. The contents of this section must be identical to the contents of the section of the same name in the Axidian CertiFlow Management Console configuration file (cm\Web.config).
  • sqlPersistenceSettings - parameters of the connection to the CertiFlow data repository in Microsoft SQL. By default this section is commented out with the following characters: <!-- ... -->. The contents of this section must be identical to the contents of the section of the same name in the Axidian CertiFlow Management Console configuration file (cm\Web.config).
  • adUserCatalogSettings - parameters of the connection to the Axidian CertiFlow user catalog located in Active Directory. The contents of this section must be identical to the contents of the section of the same name in the Axidian CertiFlow Management Console configuration file (cm\Web.config).
  • Save the changes.

An example of the populated sections of the CertiFlow.Migrate.SAM.exe.config file is shown below. In the example, SAM is deployed in the demo.local domain, and the SAM repository, the Axidian CertiFlow repository, and the user catalog are located in Active Directory.

Example of a completed section:

<samSettings MsCAConnectorId="{1A30B883-CD69-4cbb-8D61-E72E9697D8B1}"
             connectionString="C:\ProgramData\SafeNet\Authentication\SAM\demo.local.xml" />
<migrateSAMSettings ignoreCMCertificateTemplateNotFoundError="true"
                    notIssuedTokenAdminPin="adminpass"
                    issuedTokenAdminPin="adminpass2">
  <tokenTypes>
    <tokenType model="Token 12.0.0.0 12.0.12"
               productName="SafeNet eToken 5110"
               color="8"
               atr="3bd5180081313a7d8073c8211030" />
    <tokenType model="Token JC"
               productName="eToken PRO Java 72K OS755"
               color="4"
               atr="3bd518008131fe7d8073c82110f4" />
  </tokenTypes>
</migrateSAMSettings>
<adPersistenceSettings path="LDAP://CN=Axidian CertiFlow,CN=Axidian,DC=demo,DC=local"
                       userName="DEMO\cmadmin" password="Password1"
                       cryptoAlgName="AES"
                       cryptoKey="11d2f5051684451860ad177ebc39b55cacaf2a0a843b05ddf273b955c93ae015" />
<adUserCatalogSettings>
  <rootContainers>
    <container path="LDAP://OU=SAM_USERS,DC=demo,DC=local" userName="DEMO\cmadmin"
               password="Password1" />
  </rootContainers>
</adUserCatalogSettings>
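
A pre-flight check for the edited file, as an added example that is not part of the original documentation or of Axidian's tooling: it rejects a file that is not well-formed, verifies that every tokenType carries the four required attributes and a syntactically valid ATR, and lists the attributes that hold PINs, passwords or keys. The `<configuration>` root element, the second tokenType in the sample and the function name `check_config` are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

# Attributes that carry a PIN, password or key in the page's example.
SECRET_ATTRS = {"notIssuedTokenAdminPin", "issuedTokenAdminPin", "password", "cryptoKey"}
TOKEN_ATTRS = ("model", "productName", "color", "atr")

# Constructed sample; the <configuration> root and the second tokenType are assumptions.
SAMPLE = r"""<configuration>
  <samSettings MsCAConnectorId="{1A30B883-CD69-4cbb-8D61-E72E9697D8B1}"
               connectionString="C:\ProgramData\SafeNet\Authentication\SAM\demo.local.xml" />
  <migrateSAMSettings notIssuedTokenAdminPin="PLACEHOLDER" issuedTokenAdminPin="PLACEHOLDER">
    <tokenTypes>
      <tokenType model="Token JC" productName="eToken PRO Java 72K OS755" color="4"
                 atr="3bd518008131fe7d8073c82110f4" />
      <tokenType model="Token X" productName="Constructed card" color="1" atr="3bd51800813" />
    </tokenTypes>
  </migrateSAMSettings>
</configuration>"""

def check_config(xml_text):
    """Return a list of findings for the text of a CertiFlow.Migrate.SAM.exe.config."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # for example an element that is never closed
        return [f"not well-formed XML: {exc}"]
    findings = []
    sam = root.find(".//samSettings")
    if sam is None or not sam.get("MsCAConnectorId") or not sam.get("connectionString"):
        findings.append("samSettings: MsCAConnectorId or connectionString is missing")
    token_types = root.findall(".//migrateSAMSettings/tokenTypes/tokenType")
    if not token_types:
        findings.append("migrateSAMSettings/tokenTypes: no tokenType entries")
    for tt in token_types:
        name = tt.get("productName", "?")
        missing = [a for a in TOKEN_ATTRS if not tt.get(a)]
        if missing:
            findings.append(f"tokenType {name}: missing {', '.join(missing)}")
        # ISO/IEC 7816-3: an ATR is 2 to 33 bytes and starts with TS = 3B or 3F.
        atr = tt.get("atr", "")
        if atr and not re.fullmatch(r"3[bBfF](?:[0-9a-fA-F]{2}){1,32}", atr):
            findings.append(f"tokenType {name}: atr is not a valid hex ATR")
    for el in root.iter():  # list secret-bearing attributes so the file is handled as a secret
        for attr in sorted(SECRET_ATTRS & set(el.attrib)):
            findings.append(f"secret-bearing attribute: {el.tag}/@{attr}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_config(SAMPLE)))
```

The ATR test checks syntax only; whether a given ATR matches the physical card still has to be confirmed as described in the warning above.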