Saturday, June 25, 2016

weblogic user password decrypt script and code

./wlst.sh /tmp/PasswordDecryptor.py /Oracle/Middleware/user_projects/domains/DomainName  {AES}YJKUITRFGTYUHH45YHHGGYFV879655HYU\=


import os
import weblogic.security.internal.SerializedSystemIni
import weblogic.security.internal.encryption.ClearOrEncryptedService
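def decrypt(domainHomeName, encryptedPwd):
    """Decrypt a WebLogic-encrypted value for one domain and print the cleartext.

    domainHomeName -- path to the domain home (relative or absolute); the
                      encryption service is obtained for this domain.
    encryptedPwd   -- the encrypted string, e.g. "{AES}..." as in the usage
                      example printed by this script.

    Prints "RESULT:<cleartext>" to stdout; returns None.

    Decryption needs nothing beyond the domain home path and the encrypted
    string, so read access to the domain home should be limited to the
    account that owns the WebLogic installation.
    """
    # Resolve once and actually use the absolute path, so the lookup does not
    # depend on the directory WLST was started from (the original computed
    # this value and then ignored it).
    domainHomeAbsolutePath = os.path.abspath(domainHomeName)
    # Values copied out of .properties files carry '=' escaped as '\='.
    # Base64 text never contains a backslash, so removing backslashes only
    # undoes that escaping when the argument was quoted on the command line.
    encryptedPwd = encryptedPwd.replace("\\", "")
    encryptionService = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domainHomeAbsolutePath)
    ces = weblogic.security.internal.encryption.ClearOrEncryptedService(encryptionService)
    clear = ces.decrypt(encryptedPwd)
    # The cleartext secret is written to stdout: keep this output out of
    # redirected logs, build output and tickets.
    print "RESULT:" + clear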
# Script entry point: expects exactly two arguments after the script name,
# DOMAIN_HOME and ENCRYPTED_PASSWORD.
# NOTE(review): sys and dumpStack are not imported in this file; presumably
# both are supplied by the WLST runtime - confirm before running elsewhere.
# The encrypted value arrives as a command-line argument, so it is recorded
# in shell history and visible in the process list while the script runs.
try:
    if len(sys.argv) != 3:
        # Wrong argument count: show usage instead of attempting a decrypt.
        print "INVALID ARGUMENTS"
        print " Usage: java weblogic.WLST decryptPassword.py DOMAIN_HOME ENCRYPTED_PASSWORD"
        print " Example:"
        print " java weblogic.WLST decryptPassword.py D:/Oracle/Middleware/user_projects/domains/base_domain {AES}819R5h3JUS9fAcPmF58p9Wb3syTJxFl0t8NInD/ykkE="
    else:
        decrypt(sys.argv[1], sys.argv[2])
except:
    # Report the exception type, dump the stack, then re-raise so the
    # failure is not hidden from the caller.
    print "Unexpected error: ", sys.exc_info()[0]
    dumpStack()
    raise

Friday, June 24, 2016

OAM 11G - Custom Authentication Module

Jars needed for compilation

felix.jar
identity-provider.jar
oam-plugin.jar
utilities.jar


package deepakdubey;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import oracle.security.am.engines.common.identity.api.IdentityStoreContext;
import oracle.security.am.engines.common.identity.api.IdmUser;
import oracle.security.am.plugin.ExecutionStatus;
import oracle.security.am.plugin.GenericTransportContext;
import oracle.security.am.plugin.MonitoringData;
import oracle.security.am.plugin.PluginConfig;
import oracle.security.am.plugin.authn.AbstractAuthenticationPlugIn;
import oracle.security.am.plugin.authn.AuthenticationContext;
import oracle.security.am.plugin.authn.AuthenticationException;
import oracle.security.am.plugin.authn.Credential;
import oracle.security.am.plugin.authn.CredentialParam;
import oracle.security.am.plugin.authn.PlugInUtil;

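/**
 * Sample OAM 11g custom authentication plug-in that compares a request
 * parameter named {@code domainName} with the {@code domainName} flow
 * parameter configured for the current step.
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>{@link #process} returns SUCCESS purely because a client-supplied
 *       request parameter matches the configured value; no credential is
 *       verified here. Presumably this step is meant to be chained with a
 *       plug-in that validates the user's password - confirm in the
 *       authentication module's step orchestration.</li>
 *   <li>Request parameter and attribute <em>values</em> are never logged.
 *       The transport parameters of a login request can include the
 *       submitted password, so only names and value counts are recorded,
 *       and only at FINE level.</li>
 * </ul>
 */
public class SampleAuthPlugin
  extends AbstractAuthenticationPlugIn
{
  private static final String CLASS_NAME = "SampleAuthPlugin";

  /** Name of both the flow parameter and the request parameter that are compared. */
  private static final String DOMAIN_PARAM = "domainName";

  private static final Logger LOGGER = Logger.getLogger(SampleAuthPlugin.class.getName());

  /** Returns the fixed description string of this plug-in. */
  public String getDescription()
  {
    return "Description: SampleAuthPlugin";
  }

  /** Returns {@code null}; this sample publishes no monitoring data. */
  public Map<String, MonitoringData> getMonitoringData()
  {
    return null;
  }

  /** Returns {@code false}; monitoring is always reported as disabled. */
  public boolean getMonitoringStatus()
  {
    return false;
  }

  /** Returns the plug-in name, which matches the bundle and class name. */
  public String getPluginName()
  {
    return CLASS_NAME;
  }

  /** Returns the plug-in revision, fixed at 0. */
  public int getRevision()
  {
    return 0;
  }

  /**
   * Decides the outcome of this authentication step.
   *
   * <p>The step succeeds when at least one request parameter whose name
   * equals {@code domainName} (ignoring case) has a value equal (ignoring
   * case) to the {@code domainName} flow parameter of the current step.
   * Anything else, including a missing flow parameter, a missing
   * {@code KEY_USERNAME} credential or any exception raised while
   * evaluating the request, yields FAILURE.
   *
   * @param authenticationContext context of the authentication request
   * @return {@code ExecutionStatus.SUCCESS} on a match, otherwise
   *         {@code ExecutionStatus.FAILURE}
   * @throws AuthenticationException declared by the plug-in contract; not
   *         thrown explicitly by this implementation
   */
  public ExecutionStatus process(AuthenticationContext authenticationContext)
    throws AuthenticationException
  {
    LOGGER.entering(CLASS_NAME, "process");
    ExecutionStatus executionStatus = ExecutionStatus.FAILURE;
    GenericTransportContext tc = authenticationContext.getTransportContext();
    try
    {
      String userid = (String) authenticationContext.getCredential()
        .getParam("KEY_USERNAME").getValue();
      LOGGER.log(Level.FINE, "SampleAuthPlugin has determined user for clearing: {0}",
          sanitizeForLog(userid));

      String stepName = authenticationContext.getStringAttribute("StepName");
      String domainName = PlugInUtil.getFlowParam(stepName, DOMAIN_PARAM,
          authenticationContext);
      if (domainName == null)
      {
        // Without a configured value there is nothing to match against.
        LOGGER.warning("Flow parameter domainName is not configured; step will fail");
      }

      Map<String, String> params = tc.getParameters();
      for (String name : params.keySet())
      {
        if (DOMAIN_PARAM.equalsIgnoreCase(name)
            && domainName != null
            && domainName.equalsIgnoreCase(tc.getParameterValue(name)))
        {
          executionStatus = ExecutionStatus.SUCCESS;
        }
      }

      if (LOGGER.isLoggable(Level.FINE))
      {
        logTransportSummary(tc);
      }
    }
    catch (Exception ex)
    {
      // Fail closed: an unexpected error must never leave the step successful.
      executionStatus = ExecutionStatus.FAILURE;
      LOGGER.log(Level.WARNING, "SampleAuthPlugin.process failed; returning FAILURE", ex);
    }

    LOGGER.exiting(CLASS_NAME, "process", executionStatus);
    return executionStatus;
  }

  /**
   * Logs the names of request parameters and attributes, with the number of
   * values per attribute, for troubleshooting. Values are deliberately left
   * out because they can contain credentials submitted with the request.
   */
  private static void logTransportSummary(GenericTransportContext tc)
  {
    Map<String, String> params = tc.getParameters();
    if (params != null)
    {
      LOGGER.log(Level.FINE, "Request parameter names ({0}): {1}",
          new Object[] {params.size(), sanitizeForLog(String.valueOf(params.keySet()))});
    }

    Map<String, Object[]> attrs = tc.getAttributes();
    if (attrs == null)
    {
      return;
    }
    LOGGER.log(Level.FINE, "Number of attributes: {0}", attrs.size());
    for (Map.Entry<String, Object[]> entry : attrs.entrySet())
    {
      Object[] vals = entry.getValue();
      int count = (vals == null) ? 0 : vals.length;
      LOGGER.log(Level.FINE, "Attribute {0}: {1} value(s)",
          new Object[] {sanitizeForLog(entry.getKey()), count});
    }
  }

  /** Replaces CR and LF so request-controlled text cannot start a new log line. */
  private static String sanitizeForLog(String value)
  {
    return (value == null) ? "null" : value.replaceAll("[\\r\\n]", "_");
  }

  /** Ignores the requested monitoring status; this sample does not support monitoring. */
  @Override
  public void setMonitoringStatus(boolean arg0)
  {
    // Intentionally empty.
  }

  /**
   * Delegates initialisation to the base plug-in class and reports SUCCESS.
   *
   * @param config plug-in configuration supplied by the OAM server
   * @return always {@code ExecutionStatus.SUCCESS}
   */
  public ExecutionStatus initialize(PluginConfig config)
  {
    super.initialize(config);
    return ExecutionStatus.SUCCESS;
  }
}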
----------------------------------------------------------------------------------------

META-INF/MANIFEST.MF

Manifest-Version: 1.0
Bundle-Version: 10
Bundle-Name: SampleAuthPlugin
Bundle-ManifestVersion: 2
Bundle-Activator: deepakdubey.SampleAuthPlugin
Bundle-SymbolicName: SampleAuthPlugin
Import-Package: org.osgi.framework;version="1.3.0",oracle.security.am.plugin,oracle.security.am.plugin.authn,oracle.security.am.plugin.impl,oracle.security.am.plugin.api,oracle.security.am.common.utilities.principal,oracle.security.idm,javax.security.auth

-------------------------------------------------------------------------------------------------


SampleAuthPlugin.xml

<Plugin type="Authentication">

<author>uid=deepakdubey</author>

<email>deepakdubey</email>

<creationDate>16:23:00 2015-03-09</creationDate>

<description>SampleAuthPlugin</description>

<configuration>
    <AttributeValuePair>
            <Attribute type="string" length="50">domainName</Attribute>
            <mandatory>false</mandatory>
            <instanceOverride>false</instanceOverride>
            <globalUIOverride>true</globalUIOverride>
            <value>Healthgrp</value>
        </AttributeValuePair>
       
</configuration>

</Plugin>
----------------------------------------------------------------------------------------------------------

Make a jar of these 3 files and upload it via /oamconsole

Upload - > Refresh -> Distribute -> Refresh -> Activate -> Refresh -> Activate Failed.

Back up oam-config.xml.

In oam-config.xml, change activate_failed to activate.
Change the NGAMConfiguration -> Version value.

 Save the file

Restart oam_servers and AdminServer.

WebLogic - Add a 3rd Server to an existing domain



1.      Log in to the WebLogic console and go to Environment -> Machines.


























Click “Lock & Edit”
Click create New

























1.      Click Next and fill the required details.
Type: Plain
Listen Address: 10.10.10.10 
Listen Port: 5556






































1.      Click Finish to create the machine.
Next, go to Environment -> Servers.







































1.      Click “Lock & Edit”
2.      Select oam_server2 and click Clone

































1.      Fill the details as below

































1.      Click OK
2.      After creation the details should look like below
a.      Name oam_server3
b.      Machine OAM_Machine3














































1.      Once the server is created.
2.      Start the oam_server3 through the weblogic console


























1.      Once the server is started, log in to the oamconsole and enter the details as below
2.      Go to Configuration->Server Instances
3.      Add a new server instance as below






  Click Apply
Now go to Access Manager->SSO Agents
Search all the existing agents and add the additional server.
























Add the additional server instance below