This chapter shows how to backup and restore OpenAM configuration data. This chapter does not cover backup and restore of user data, which in a critical production system should be stored separately. Backup OpenAM stores service configuration data in a directory. During normal production operations, you rely on directory replication to maintain multiple, current copies of OpenAM service configuration. For disaster recovery, however, you backup to and restore the service configuration from XML, using the ssoadm command. Backup OpenAM service configuration using the ssoadm command. $ ssoadm export-svc-cfg -u amadmin -e fZatIu68OiqccJMXosSRyVjMsWJIx+SA -f /tmp/pwd.txt -o ~/backup-`date -u +%F-%m-%S`.xml Service Configuration was exported. In this example, the secret key for encrypting the password in -e fZatIu68OiqccJMXosSRyVjMsWJIx+SA was taken from the Password Encryption Key field in the OpenAM console under Configuration > Servers and Sites > Server Name > Security. Stop OpenAM. Back up the instance file that points to the configuration directory. This file is named after the instance location, such as $HOME/.openssocfg/AMConfig_path_to_tomcat_webapps_openam_, where $HOME is that of the user running the web container where OpenAM is deployed. Back up the files in the configuration directory. The content of the file you backed up in the previous step is the path to the configuration directory, such as $HOME/openam. Start OpenAM. Restoring The following steps restore OpenAM configuration data from backup as described in . If using the default OpenAM configuration data store, run ssoadm embedded-status to check the data store status to determine whether you must restore the configuration files including the embedded data store, or only the service configuration. Deploy the OpenAM web application as you did for installation, but do not start OpenAM or configure it. Restore files in the configuration directory as necessary. Restore the bootstrap files as necessary. Start OpenAM. Restore OpenAM service configuration using the ssoadm command. $ ssoadm import-svc-cfg -u amadmin -e fZatIu68OiqccJMXosSRyVjMsWJIx+SA -f /tmp/pwd.txt -X ~/backup-2011-09-13-09-00.xml Directory Service contains existing data. Do you want to delete it? [y|N] y Please wait while we import the service configuration... Service Configuration was imported. In a site configuration, you perform this step only once. If the password for amadmin has been changed through the OpenAM console, then use the bind password for the root DN of the configuration store. Restart OpenAM.