Monday, May 6, 2013

Reset forgotten password in OBIEE 11G RPD


In OBIEE 10g, If you forgot the repository (RPD) password, we can easily rest with simple straight configuration change (AUTHENTICATION_TYPE = BYPASS_NQS) in NQSConfig.ini file.This was a security breach in OBI 10g versions and it didn’t have had fix for it. Fix? Why?… Yes, as a developer we might still need such a (un)fair upshot. But it is a very dangerous security breach. If anyone gets the production RPD, he can simply bypass the rpd security and can deploy it to see the valuable data. As the OBI rpd doesn’t require someone to know the production Database password, the information theft is quite possible.
So unlike OBIEE 10G, The newer OBIEE 11G has a very tight security i.e. TWO level key authentication to open a RPD in online mode and one key (RPD password) in offline mode. Either of the modes cannot open the repository with some configuration changes. So be careful if you want to reuse the OBI repository, make sure that you have memorized the RPD password.  There is NO any reset process.
But however, you can get a password for an already deployed RPD. With the help of wlst script, you can get the forgotten OBI Repository password that is deployed earlier.
To know forgotten OBIEE11G Repository (RPD) password:
Login to weblogic EM (http://kishore:7001/em) and navigate to credentials store page.

Expand the key map: oracle.bi.enterprise. This is the key map which stores all the repository passwords that are deployed.

For the context of this blog post, I would like to show you how to know the forgotten password of a deployed repository.
In above image, I have 4 repositories and one scheduler schema keys in my credential key map. From the list, to get the password of “SampleAppLite_BI0001” repository, follow these steps:
  • Open command prompt,
  • E:\>cd <OBIEE_HOME>\oracle_common\common\bin
  • Run wlst scrpt: <OBIEE_HOME>\oracle_common\common\bin>wlst.cmd
  • Connect to weblogic domain with the command:

    connect(“<weblogic_AdminUser>”,”<weblogic_AdminUser_Password>”,”<Adminserver_Hostname>:<Admin_Portno>”) 
    e.g: wls:/offline> connect(“weblogic”,”weblogic123″,”kishore:7001″)Connecting to t3://localhost:7001 with userid weblogic …Successfully connected to Admin Server ‘AdminServer’ that belongs to domain ‘bifoundation_domain’.————
  • Run listCred() command to get the password of SampleAppLite_BI0001 repository
    wls:/bifoundation_domain/serverConfig>listCred(“oracle.bi.enterprise”,”repository.SampleAppLite_BI0001″)
    Location changed to domainRuntime tree. This is a read-only tree with DomainMBean as the root.
    For more help, use help(domainRuntime)

    [Name : tempvalue, Description : null, expiry Date : null]
    PASSWORD:Admin1234
That’s it, you can see the password: Admin1234 for my SampleAppLite_BI0001 repository.