IBM Verify

  • 1.  how to backup federation partner?

    Posted Wed October 30, 2024 09:54 AM
    Is there any way to back up an ISAM federation partner,
    e.g. before importing new metadata for that partner?


  • 2.  RE: how to backup federation partner?

    Posted Thu October 31, 2024 12:31 AM

    No, not really, but then that's not actually the approach I would take. 

    Instead I'd be figuring out why the metadata is changing, what precisely is different in it, then looking at the implications of this change.

    For example:

    • If the entity ID is changing, then it's really a completely new partner definition and both can co-exist for the same federation.
    • If only the signature validation or encryption key is changing then also check if it's just a cert refresh with the same DN as your current key, and follow one of the patterns for automatic key rollover (see documentation related to advanced configuration property kess.keySelectionCriteria). Start with Table 9 at https://www.ibm.com/docs/en/sva/10.0.8?topic=information-saml-20-service-provider-worksheet
    • If one or more of the URLs are changing, can you just update them without having to import the entire new metadata file?

    Bottom line - figure out what is driving the metadata update, and build a plan around that.



    ------------------------------
    Shane Weeden
    IBM
    ------------------------------
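
One way to find out "what precisely is different" between the partner's current and new SAML 2.0 metadata, sorted into the three cases from the reply above. This is an added example, not part of the original post and not IBM code; the function names are hypothetical, each file is assumed to hold a single EntityDescriptor, and the sample metadata is constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # for untrusted files, the defusedxml package is a safer parser

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def summarize(xml_text):
    """Pull entityID, key fingerprints and endpoint URLs from one EntityDescriptor."""
    root = ET.fromstring(xml_text)
    keys, urls = set(), set()
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        cert = kd.find(".//ds:X509Certificate", NS)
        if cert is not None and cert.text:
            der = base64.b64decode("".join(cert.text.split()))
            # "use" is optional in SAML metadata; absent means signing and encryption
            keys.add((kd.get("use", "both"), hashlib.sha256(der).hexdigest()))
    for el in root.iter():
        if el.get("Location"):  # SSO, SLO, ACS and similar endpoint elements
            urls.add((el.tag.split("}")[-1], el.get("Binding"), el.get("Location")))
    return {"entityID": root.get("entityID"), "keys": keys, "urls": urls}

def diff_metadata(old_xml, new_xml):
    """Report which of the three cases from the reply applies."""
    old, new = summarize(old_xml), summarize(new_xml)
    return {
        "entity_id_changed": old["entityID"] != new["entityID"],
        "keys_added": new["keys"] - old["keys"],
        "keys_removed": old["keys"] - new["keys"],
        "urls_added": new["urls"] - old["urls"],
        "urls_removed": old["urls"] - new["urls"],
    }

def sample_metadata(entity_id, cert_bytes, acs_url):
    """Constructed sample; cert_bytes are placeholder bytes, not a real X.509 cert."""
    cert = base64.b64encode(cert_bytes).decode()
    return f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="{entity_id}">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>{cert}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:AssertionConsumerService index="0" Location="{acs_url}" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    old = sample_metadata("https://sp.example.com", b"old-cert", "https://sp.example.com/acs")
    new = sample_metadata("https://sp.example.com", b"new-cert", "https://sp.example.com/acs/v2")
    print(diff_metadata(old, new))
```

A changed fingerprint alone does not say whether the certificate's subject DN stayed the same; check that separately (for example with `openssl x509 -noout -subject`) before relying on key rollover.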