SAML Restore Tool

A configuration-driven custom Gogo Shell command that can be used to restore a non-prod environment's SAML configuration

Michael Wall

What is it?

  • The SAML Restore Tool is a configuration-driven custom Gogo Shell command that can be used to restore a non-prod environment's SAML configuration, e.g. after a prod backup is restored into the environment.

What are the benefits?

  • Supports the good practice of regularly restoring prod data into non-prod environments
  • Supports security good practice of prod and non-prod environments using separate SAML IdPs, Certificates and Private Keys etc.
  • Ensures that the SAML SP Metadata XML doesn't change, meaning it doesn’t need to be re-shared with the IdP team each time
  • Removes the manual effort of re-configuring SAML post-database restore
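
A post-restore check for the metadata-stability benefit above, as an added example that is not part of the SAML Restore Tool or its README: it compares the SP metadata XML after a restore against the copy already shared with the IdP team. The function names, sample entityID, URL and certificate bytes are constructed assumptions, and the metadata is assumed to have a single EntityDescriptor root.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def sp_summary(metadata_xml):
    """Reduce SP metadata to the values the IdP side depends on."""
    root = ET.fromstring(metadata_xml)  # assumes a single EntityDescriptor root
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor in metadata")
    certs = set()
    for kd in sp.iterfind("md:KeyDescriptor", NS):
        for x in kd.iterfind(".//ds:X509Certificate", NS):
            # Base64 is often line-wrapped; hash the decoded bytes, not the text.
            der = base64.b64decode("".join((x.text or "").split()))
            certs.add((kd.get("use", "any"), hashlib.sha256(der).hexdigest()))
    acs = {(e.get("Binding"), e.get("Location"))
           for e in sp.iterfind("md:AssertionConsumerService", NS)}
    return {"entityID": root.get("entityID"), "certs": certs, "acs": acs}

def metadata_drift(baseline_xml, current_xml):
    """Names of fields that differ from the baseline shared with the IdP team."""
    a, b = sp_summary(baseline_xml), sp_summary(current_xml)
    return sorted(k for k in a if a[k] != b[k])

def constructed_metadata(cert_bytes, wrap=False):
    """Constructed sample; cert_bytes are placeholder bytes, not a real certificate."""
    b64 = base64.b64encode(cert_bytes).decode()
    if wrap:
        b64 = "\n" + "\n".join(b64[i:i + 16] for i in range(0, len(b64), 16)) + "\n"
    return f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
      entityID="nonprod-sp.example">
     <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
       <ds:X509Certificate>{b64}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
      <md:AssertionConsumerService index="0" Location="https://nonprod.example/saml/acs"
       Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
     </md:SPSSODescriptor></md:EntityDescriptor>"""

if __name__ == "__main__":
    baseline = constructed_metadata(b"constructed non-prod certificate")
    # A restore that left the prod certificate in place shows up as cert drift.
    print(metadata_drift(baseline, constructed_metadata(b"constructed prod certificate")))
    # Same certificate, different line wrapping: no drift.
    print(metadata_drift(baseline, constructed_metadata(b"constructed non-prod certificate", wrap=True)))
```

An empty result means the entityID, certificates and Assertion Consumer Service endpoints still match what the IdP team holds.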

Features

  • Works in Liferay PaaS and Self Hosted *
    • Tested in Liferay DXP QR 2025.Q1 LTS and Liferay DXP 7.4 U92
  • Easy-to-run custom Gogo Shell command: samlRestoreTool:restoreSamlConfig
  • Configuration as Code
    • Tool configuration managed in the DXP Cloud repository under liferay/configs/[ENV]/saml-restore-tool-config/virtual-instances
    • Dedicated KeyStore per Virtual Instance
    • KeyStore and Certificate passwords stored securely as Liferay PaaS Secrets
  • Handles Liferay DXP environments with multiple Virtual Instances
  • Handles Virtual Instances with multiple SAML Identity Provider Connections

* Liferay SaaS is not supported. This is an OSGi module because the /v1.0/saml-provider headless REST APIs are BETA, incomplete and abandoned. For example, they don’t handle SAML Certificate management.

Known Limitations

  • A Liferay DXP environment acting as a SAML Identity Provider (IdP) is not handled
    • Liferay DXP is typically used as a SAML Service Provider (SP)
  • ALL environments (prod and non-prod) must be using the Document Library Keystore Manager
    • Document Library Keystore Manager is recommended for Liferay PaaS anyway
    • Steps to switch the Keystore Manager are included in the README
  • SAML Admin > Identity Provider Connections > Connection setting 'Keep Alive URL' value reset…
    • This can be manually updated via the SAML Admin GUI if used

Resources

  • GitHub repository containing the module source code

  • README for detailed instructions including setup and usage. Please read the README fully before attempting to use.
