Importing a Policy from a File

The Policy Manager allows you to import a policy into the policy development window from a file. This ensures policy consistency and saves configuration time. Importing a policy is particularly useful for sharing policies with external departments, partners, and others who have separate Gateway installations.
gateway92
The Policy Manager allows you to import a policy into the policy development window from a file. This ensures policy consistency and saves configuration time. Importing a policy is particularly useful for sharing policies with external departments, partners, and others who have separate Gateway installations.
The imported XML file encapsulates all of the originating policy information. Any disabled assertions in the imported policy will remain disabled after import.
When importing a policy using the browser client version of the Policy Manager, the Java applet must be running in the trusted mode. For more information, see Policy Manager Browser Client.
When importing encapsulated assertions, do not use the policy import feature if you want to import an encapsulated assertion. To correctly import an encapsulated assertion, use the Import button in the Manage Encapsulated Assertions Configuration dialog.
Note the following security zone considerations:
  • If the policy being imported belongs to a security zone, you must have a security role that permits updating of the policy.
  • If the policy being imported contains assertions that have been placed in a security zone, you must have a security role that has Read permissions for those assertions, otherwise you will not be able to save the imported policy.
To import a policy from a file:
  1. Make sure the service that is receiving the imported policy is open. If not, double-click the service in the Services and Policies list, or right-click the service name and select Active Policy Assertions. The policy development window appears.
  2. Import your policy using either of the following methods:
    Method
    Description
    Import from "Policy Templates"
    (Standard client only)
    Use this method if the policy you want is visible under the Policy Templates section of the [Assertions] tab. This method is not available in the browser client version of Policy Manager.
    Do one of the following:
    • Drag and drop the policy you want from the Policy Templates section into the policy development window.
    • Select the template in the Policy Templates section and click the Add Assertion button in the Assertions Tool Bar.
    Import from any file
    (Standard and Browser client version)
    Use this method to import version 3.0 or later XML policy files.
    In the browser client, importing is possible only when the Java applet is running in the trusted mode.
     
    1. Click [
      Import Policy
      ] on the Policy Tool Bar. The default folder for storing saved templates appears.
    2. Select the template to import. If the policy was not stored in the default location, navigate to the correct folder first.
    3. Click [
      Open
      ].
    When you import a policy, the target policy in the policy development window is completely replaced by the elements in the incoming policy template. These include policy assertions, policy fragments, identity providers, JMS destination references, and any custom assertion, if present.
  3. Before importing the policy into the policy development window, the Policy Manager automatically attempts to resolve the back-end requirements of the imported policy against the back-end configuration of the target policy's Gateway.
    • If the automatic reconciliation is successful, the imported policy will appear in the policy development window.
    • If the automatic reconciliation is not successful, the Resolve External Dependencies Wizard appears. Use this wizard to instruct the Policy Manager how to handle each unresolved element.
    The wizard appears if the imported policy contains references to elements that are not present on the target system. This will typically happen if the policy came from another system or if the policy refers to an element (for example, a user or group) that had been deleted since the policy was originally exported.
    The Policy Manager compares the object-level property values of the imported identity provider with each identity provider configured in the target Gateway. A difference in even one value will cause a reconciliation failure.
  4. The routing assertion(s) and other assertions in the policy development window are specific to the service that originated the policy. Edit the assertions for the target service as required:
    • See Message Routing Assertions to re-configure the replaced routing assertion with service-specific information
    • See Policy Assertions Overview to re-configure other assertions as required.
    Ensure that policy edits conform to the policy and assertion rules outlined in Policy Organization.
  5. Finish the import procedure by doing the following:
    • Proceed to Validating a Policy to perform a final validation check on the policy. When the policy passes the validation process, enable the service, if necessary
    • If the imported policy contains a Validate XML Schema assertion that includes an import statement, then you will need to resolve the external reference(s) using the Manage Global Resources task.
    • (Optional) Export the validated policy as a new policy template, or use it to replace an existing template. This provides a backup of your policy for safekeeping.