Sunday, January 31, 2010

OBIEE Reset OC4J Admin password

Didn’t I read about this in several other blogs you might ask. Well you are right there. It probably started with the guys from carpe diem: http://carpediemconsulting.wordpress.com/2008/03/16/resetting-the-oc4j-password-in-obiee/ And since all the others copied there article from them nobody noticed they didn’t clear the security cache. Here is the version from the original documentation:

Stop OC4J and the Application Server Control.
Enter the following command in the Oracle home of the application server instance:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl stopproc ias-component=OC4J
(Windows) ORACLE_HOME\opmn\bin\opmnctl stopproc ias-component=OC4J Locate and open the following file in a text editor:
(UNIX)ORACLE_HOME/j2ee/home/config/system-jazn-data.xml
(Windows)ORACLE_HOME\j2ee\home\config\system-jazn-data.xml

Locate the line that defines the credentials property for the oc4jadmin user.
The following example shows the section of system-jazn-data.xml with the encrypted credentials entry in boldface type:


<jazn-realm>
<realm>
<name>jazn.com</name>
<users>
.
.
.
<user>
<name>oc4jadmin</name>
<display-name>OC4J Administrator</display-name>
<description>OC4J Administrator</description>
<credentials>{903}4L50lHJWIFGwLgHXTub7eYK9e0AnWLUH</credentials>
</user>

Replace the existing encrypted password with the new password.

Be sure to prefix the password with an exclamation point (!). For example:
<credentials>!mynewpassword123</credentials>

The password for the oc4jadmin user should conform to following guidelines:

  • Must contain at least five characters, but not more than 30 characters.
  • Must begin with an alphabetic character. It cannot begin with a number, the underscore (_), the dollar sign ($), or the number sign (#).
  • At least one of the characters must be a number.
  • Can contain only the following characters; numbers, letters, and the following special characters: US dollar sign ($), number sign (#), or underscore (_).
  • Cannot contain any Oracle reserved words, such as VARCHAR.

Delete cached password data by deleting the contents of the following directory:


(UNIX) : ORACLE_HOME/j2ee/oc4jinstance/persistence/ascontrol/ascontrol/securestore/
(Windows): ORACLE_HOME\j2ee\oc4jinstance\persistence\ascontrol\ascontrol\securestore/


Start OC4J and the Application Server Control.

After the restart, the Application Server Control will use your new Administrator (oc4jadmin) password, which will be stored in encrypted format within the system-jazn-data.xml file.

By the way is you have installed OC4J on a windows box it’s much easier to retrieve the password. Goto START > Oracle Business Intelligence :



image 
Rightclick on Stop OC4J, goto properties, open the shortcut tab:


image 

The password is right there ;-)

Till Next Time

This article is also published on http://knowledge.ciber.nl

2 comments:

Christian Berg said...

Yaaay security!

I bet you just made some people rush very frantically to their OBIEE boxes.

Cheers,
C.

Anonymous said...

thanks man.u have just saved the day