Skip to main content

Resetting, exporting, and importing settings

Best practice

Prior to making any changes to this area of the product it is highly recommended to make a backup of your current (working) authentication configuration using the standard authcfg utility.

You can reset, export, and import authentication chain settings by using the authcfg utility.

You can export settings, for example to save a snapshot of settings to import into another instance. To do this, run the following command:

authcfg.exe -export

This exports authentication chain settings to a file named by the current date and time; for example, authcfg-20100421-123425.exp. You can also specify a filename and location:

authcfg.exe -export <path/file>

The exported configuration files can be manually edited with a plain-text editor and imported using the command:

authcfg.exe -import <file>

Reset original default settings with the following command:

authcfg.exe -reset

When you use the -import or -reset argument, existing authentication chain settings are automatically exported to a backup file before new or default values are imported.

See more information about authcfg usage.

Notes

The -export and -reset parameters only save the built-in authentication chains configuration. Any custom component configuration should be saved separately using the procedures described in Migrating component configuration and data. The reset operation will revert the DEFAULT_LOGIN configuration to defaults and leave any custom authentication chains or component configuration untouched. This is sufficient to restore the sign-in process in case it was accidentally broken by configuration changes.

If the select_module that ships with Bravura Security Fabric as part of the DEFAULT_LOGIN chain is deleted, the related unique "modguid" (CfgID) will also be deleted; this will and break the configuration of all hid_authchain_* components.

Even if a new module with the same configuration is added back, it will have a different CfgID. To override the CfgID value with defaults you may use the following steps:

  1. Export the authentication chain configuration to file:

    authcfg -export authcfg-temp.kvg

  2. Edit the authcfg-temp.kvg file and replace the CfgID ("modguid") with a known default value.

  3. Import the authchain configuration back:

    authcfg -import authcfg-temp.kvg

If a configuration change accidentally breaks access to the instance, an already logged in product administrator (or superuser) can enable temporary access by simply disabling the front-end login via Manage the system> Policies> Authentication chains> Front-end login> Disable . This will allow access via password or security questions.

If an administrator was not logged in, and access to the WebUI is lost, a working backup of the authentication chains configuration can be restored:

authcfg -import authcfg-working.kvg

If no working version of the authchain configuration was saved, the current config can be exported and cleared, reverting access to the default choice of passwords and security questions. The non-working configuration can be inspected for errors and re-imported:

authcfg -export authcfg-broken.kvg
authcfg -reset
In this section: