As you may know, Weblogic is a part of Enterprise Manager Cloud Control environment, and it’s automatically installed and configured by the EM installer. The Enterprise Manager asks you to enter a username and password for Weblogic administration. This information is stored in secure files, and you usually do not need them unless you need to use Weblogic console. So it’s easy to forgot these username and password, and that’s what happened to me. Fortunately there’s a way to recover them without even resetting new user/password. Here are the steps:
First we need to know DOMAIN_HOME directory. My OMS is located in “/u02/Middleware/oms”. You can find yours if you read “/etc/oragchomelist”. If the full path of OMS is “/u02/Middleware/oms”, my middleware home is “/u02/Middleware/”. Under my middleware home, I need to go GCDomains folder:
1 2 |
oracle@db-cloud /$ cd /u02/Middleware oracle@db-cloud Middleware$ cd gc_inst/user_projects/domains/GCDomain |
First let’s get the encrypted information from boot.properties file:
1 2 3 4 5 |
oracle@db-cloud GCDomain$ cat servers/EMGC_ADMINSERVER/security/boot.properties # Generated by Configuration Wizard on Wed Jun 04 10:22:47 EEST 2014 username={AES}nPuZvKIMjH4Ot2ZiiaSVT/RKbyBA6QITJE6ox56dHvk= password={AES}krCf4h1du93tJOQcUg0QSoKamuNYYuGcAao1tFvHxzc= |
The encrypted information starts with {AES} and ends with equal (=) sign. To decrypt the username and password, we will create a simple java application:
1 2 3 4 5 6 7 8 9 10 |
oracle@db-cloud GCDomain$ cat recoverpassword.java public class recoverpassword { public static void main(String[] args) { System.out.println( new weblogic.security.internal.encryption.ClearOrEncryptedService( weblogic.security.internal.SerializedSystemIni.getEncryptionService(args[0] )).decrypt(args[1])); } } |
Save it as “recoverpassword.java”. To be able to compile (and run) it, we need to set environment variables (we’re still in GCDomain folder). We’ll give the encrypted part as the last parameter:
1 2 3 4 5 6 |
oracle@db-cloud GCDomain$ . bin/setDomainEnv.sh oracle@db-cloud GCDomain$ javac recoverpassword.java oracle@db-cloud GCDomain$ java -cp $CLASSPATH:. recoverpassword \ $DOMAIN_HOME {AES}nPuZvKIMjH4Ot2ZiiaSVT/RKbyBA6QITJE6ox56dHvk= oracle@db-cloud GCDomain$ java -cp $CLASSPATH:. recoverpassword \ $DOMAIN_HOME {AES}krCf4h1du93tJOQcUg0QSoKamuNYYuGcAao1tFvHxzc= |
I intentionally break the lines to make the code fits the page but you don’t need to do it. Correct CLASSPATH and DOMAIN_NAME are set when we issued “. bin/setDomainEnv.sh” command. When we run the last two commands, we should see the weblogic administrator username and password in plain text. By the way, even if you use the same password with me, you may see different encrypted text because when encrypting and decrypting, weblogic uses the cypher key stored in “security/SerializedSystemIni.dat” file. So as long as the cypher key is different, you get different encrypted text for even same input.
Nesir Ahmet
Gokhan Atil
Talip Hakan Ozturk
Nesir Ahmet
Murthy
Gokhan Atil
iftequar mohammed
Pingback: How to Upgrade Oracle Enterprise Manager Cloud Control 12c to EM13c | Gokhan Atil's Oracle Blog
nnarimanov
Roberto
djobbimohamed
comrade
Joseph Thangaraja
Nico
paul
kamm
Emre
Phil Broughton
Atul
Imran Md
MAN MOHAN KUMAR
Andrew
Shobha
Frank lee
CD
den
Damu
Anand Doraiswamy