Tuesday, August 14, 2012

How to Recover the Admin Password of Weblogic Domain



In any WebLogic environment, it's common to forget the admin password. Instead of resetting it, we can recover the existing password. It's quite simple; just follow the steps below.
If you still don't want to go through all of this, one of our WLAs has done an awesome job of creating a service.


Step 1:  On the Linux server (I am logged in as Oracle) create a development directory
I created one called: /home/oracle/deve
Step 2:  Create a file called:  RecoverPassword.java and then copy in the following code

import weblogic.security.internal.BootProperties;

public class RecoverPassword {
    public static void main(String[] args) {
        // Full path to the boot.properties file holding the encrypted credentials
        String BPF = "/opt2/oracle/Middleware/user_projects/domains/IDMDomain/servers/wls_oif1/data/nodemanager/boot.properties";
        // Load the boot identity file
        BootProperties.load(BPF, false);
        BootProperties bootp = BootProperties.getBootProperties();
        // Prints [username/password] between the hash marks
        System.out.println("##############################[" + bootp.getOneClient()
                + "/" + bootp.getTwoClient() + "]#############################");
    }
}
Step 3:  Compile:
javac -classpath /opt2/oracle/Middleware/wlserver_10.3/server/lib/weblogic.jar RecoverPassword.java
Step 4:  Copy WLS Startup File to development directory
cp /opt2/oracle/Middleware/user_projects/domains/IDMDomain/bin/startWebLogic.sh .
Step 5: Rename to: recoverPassword.sh
Step 6:  Edit recoverPassword.sh and insert the custom block between the two existing lines shown
${JAVA_HOME}/bin/java ${JAVA_VM} -version    # this is an existing line
### Custom Code inserted to Recover Password ###
CLASSPATH=/home/oracle/deve/:$CLASSPATH; export CLASSPATH
echo $CLASSPATH
SERVER_CLASS=RecoverPassword; export SERVER_CLASS
doExitFlag=false; export doExitFlag
if [ "${WLS_REDIRECT_LOG}" = "" ] ; then    # this is an existing line
Step 7:  Change to the domain home directory
cd /opt2/oracle/Middleware/user_projects/domains/IDMDomain/
Step 8:  Run the recoverPassword.sh script
/home/oracle/deve/recoverPassword.sh
Output will look like:
ware/Oracle_IDM1 -Xms512m -Xmx1024m -Xss512K -Djava.net.preferIPv6Addresses=true -DuseIPv6Address=true -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Dweblogic.management.discover=false -Djava.net.preferIPv6Addresses=true -Dweblogic.management.discover=true  -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/opt2/oracle/Middleware/patch_wls1032/profiles/default/sysext_manifest_classpath
RecoverPassword
##############################[weblogic/Passw0rd1]#############################
The password is displayed on the line with the hashmarks.


=====================================================================

Method-2


Recover Weblogic Admin, JDBC Connection Pool, Keystore Password : Decrypt Weblogic Admin, JDBC Connection Pool, Keystore Password

SerializedSystemIni.dat is the most important security file in WebLogic: it contains the keys used to encrypt and decrypt usernames and passwords. Make sure the domain/security folder in your environment is protected with proper permissions.

You can use this method to:

  1. Decrypt your WebLogic admin username and password using the boot.properties file.
  2. Recover your database user passwords, if you have JDBC connection pools configured, by taking the encrypted password from the respective module XML file.
  3. Recover the keystore passwords.


It's a very short method.

1. Create a file named decryptpasswd.py under the your_domain/security folder with the contents below

#######################################################################

from weblogic.security.internal import *
from weblogic.security.internal.encryption import *

# Prompt to confirm that SerializedSystemIni.dat is in the current directory,
# i.e. the directory the command is run from
raw_input("Please make sure you have SerializedSystemIni.dat inside the current directory, if yes press ENTER to continue.")

# Encryption service
encryptionService = SerializedSystemIni.getEncryptionService(".")
clearOrEncryptService = ClearOrEncryptedService(encryptionService)

# Read the encrypted password from the user
pwd = raw_input("Please enter encrypted password (Eg. {3DES}Bxt5E3...): ")

# Delete unnecessary escape characters
preppwd = pwd.replace("\\", "")

# Decrypt password
print "Your password is: " + clearOrEncryptService.decrypt(preppwd)

################################################################################

2. Get your encrypted password
3. Now go to  your_domain/bin directory
4. Run . ./setDomainEnv.sh
5. Change directory to your_domain/security ( where you placed decryptpasswd.py script )
6. Run below command

     $ java weblogic.WLST decryptpasswd.py

You will be prompted to confirm that the SerializedSystemIni.dat file is in the directory you are running the command from. Press Enter.

You will then be prompted for your encrypted password. Paste it and press Enter.
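
Anyone who can read SerializedSystemIni.dat together with an encrypted value can run the decryption above, so it is worth checking who can read those files. The shell function below is an added example, not part of the original post: it lists the key file, every boot.properties and every config XML carrying an encrypted value whose mode grants any access to group or other. The owner-only policy and the {AES...} prefix match are assumptions of this example; the paths follow the domain layout used on this page.

```shell
#!/bin/sh
# Added example (not from the original post): permission audit for the
# files that the recovery methods on this page depend on.
# Assumption: these files should be accessible by the owner only.

# Usage: audit_wls_domain /path/to/your_domain
# Prints "MODE PATH" for every sensitive file that grants any permission
# to group or other; prints nothing when all of them are owner-only.
audit_wls_domain() {
    domain=$1
    {
        # Key material used to encrypt and decrypt every stored password
        find "$domain/security" -type f -name SerializedSystemIni.dat 2>/dev/null
        # Boot identity files (servers/<name>/security and data/nodemanager)
        find "$domain/servers" -type f -name boot.properties 2>/dev/null
        # Config and JDBC module descriptors that contain encrypted values.
        # {3DES} appears on this page; the {AES...} forms are an assumption.
        find "$domain/config" -type f -name '*.xml' \
            -exec grep -lE '\{(3DES|AES[0-9]*)\}' {} + 2>/dev/null
    } | while IFS= read -r f; do
        # First ten characters of ls -ld: file type plus rwx bits for u/g/o
        mode=$(ls -ld "$f" | cut -c1-10)
        case $mode in
            ????------) ;;                       # owner-only: nothing to report
            *) printf '%s %s\n' "$mode" "$f" ;;  # group/other has access
        esac
    done
}

# Run the audit when a domain directory is given on the command line
if [ "$#" -gt 0 ]; then
    audit_wls_domain "$1"
fi
```

Tighten anything it reports (for example with chmod 600) and re-run until the output is empty.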


----------------------------------------------


Alternative Way

Did you forget your WebLogic Admin User password?

1st Step: Stop your Weblogic Server, if it's running
oracle@server>cd $MW_HOME/user_projects/domains/<your_domain>/bin
oracle@server>./stopWebLogic.sh <your_server>

2nd Step: Source the necessary environment variables for your WebLogic Server
oracle@server>cd $MW_HOME/user_projects/domains/<your_domain>/bin
oracle@server>. ./setDomainEnv.sh

3rd Step: Creation of a new WebLogic Server Admin User
oracle@server>cd $MW_HOME/user_projects/domains/<your_domain>/security
# the first value after the command "java weblogic.security.utils.AdminAccount"
# is the new username
# the second value is the password for the new Admin User
# IMPORTANT !!! After the password value you must place a "." (dot) !!!!
# This command will update the DefaultAuthenticatorInit.ldift
# configuration file
oracle@server>java weblogic.security.utils.AdminAccount myadmin oracle11g .
4th Step: Delete the file DefaultAuthenticatormyrealmInit.initialized
oracle@server>cd $MW_HOME/user_projects/domains/<your_domain>/servers/AdminServer/data/ldap
oracle@server>rm DefaultAuthenticatormyrealmInit.initialized

5th Step: Startup the WebLogic Server
# Depending on whether you are using a boot.properties file,
# choose one of the two following options
# a) Without boot.properties configuration file
oracle@server>cd $MW_HOME/user_projects/domains/<your_domain>/bin
oracle@server> ./startWebLogic.sh <your_domain>
# Here you will be prompted for your WebLogic Server Admin User and its password
# Use now your newly created Admin User
# b) With a configured boot.properties configuration file
# Remove your boot.properties configuration file
oracle@server>cd $MW_HOME/user_projects/domains/<your_domain>/servers/AdminServer/security
oracle@server>rm boot.properties
# Startup your WebLogic Server
oracle@server>cd $MW_HOME/user_projects/domains/<your_domain>/bin
oracle@server> ./startWebLogic.sh
# Here you will be prompted for your WebLogic Server Admin User and its password
# Use now your newly created Admin User

6th Step: Login to your WebLogic Server Console with your newly created Admin User and change the password of the original WebLogic Server Admin User "weblogic"
# Navigate to "Security Realms"
# There you'll see two Admin Users: weblogic and your newly created Admin User
# Change the password of the user weblogic

7th Step (optional): If you were using a boot.properties configuration file before, you must recreate it with the new values for the Admin User and the reset password





2 comments:

  1. Could you please give more details about Step 6: Edit recoverPassword.sh ???

  2. Please try decryptpasswd.py; it's simple and it will decrypt the admin password on the domain.