Access Management

Amster usage examples

In this section, you can find examples of tasks you can do with Amster.

For Amster examples in Docker and Kubernetes deployments, see the ForgeRock DevOps (ForgeOps) documentation.

Clone an Access Management instance

This example shows the high-level steps required to clone an AM instance, from exporting the configuration of the original instance, to installing the new instance and importing the configuration into it.

Follow these steps to clone an AM instance using Amster:

  1. Create a transport key in the original AM instance, if one does not exist already. Learn more in Create transport keys to export configuration data.

  2. Keep the transport key safe by exporting it to another keystore. The key is required to import the configuration into the new AM instance. Learn more in Duplicate and install a transport key.

  3. Connect to the original AM instance using the amster command. Learn more in Connect to AM.

  4. Export all the configuration of the original AM instance using the export-config command. Learn more in Export configuration data.

  5. Take note of the value of the Password Encryption Key field on the original AM, for example, O6QWwHPO4os+zEz3Nqn/2daAYWyiFE32.

    To locate it, log in to the original AM instance, and navigate to Deployment > Servers > Server Name > Security > Encryption.

  6. In the new server, deploy the AM .war file in a web container, but don’t configure it.

  7. Install the new AM instance using the install-openam command, specifying the original AM password encryption key with the --pwdEncKey option. For example:

    am> install-openam \
 --serverUrl https://openam.example.com:8443/openam \
 --adminPwd forgerock \
 --pwdEncKey O6QWwHPO4os+zEz3Nqn/2daAYWyiFE32 \
 --acceptLicense

    Learn more in Configure AM with Amster.

  8. Import the transport key of the original AM instance into the keystore of the new AM instance. Learn more in Duplicate and install a transport key.

  9. Connect to the new AM instance using the amster command. Learn more in Connect to AM.

  10. Import the configuration of the original AM instance using the import-config command. Learn more in Import configuration data.