Thursday, March 9, 2017

Password Encryption and Decryption in OIM

Prerequisites:

Set the environment variables below to the correct values/paths; they are required to run the utility.
Note: These variables are configured for my local environment, so you need to change them to match yours. Make sure they are configured on the box where OIM is installed.

  • export JAVA_HOME=/usr/local/jdk24/jdk1.6.0_24
  • export PATH=/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/home/pandharinath.mahalle/bin:$JAVA_HOME/bin
  • export MW_HOME=/home/oracle/Middleware
  • export WL_HOME=$MW_HOME/wlserver_10.3
  • export ORACLE_COMMON_HOME=$MW_HOME/oracle_common
  • export ORACLE_OIM_HOME=$MW_HOME/Oracle_IDM1
  • export DOMAIN_HOME=/home/oracle/Middleware/user_projects/domains/base_domain
  • export CLASSPATH=$ORACLE_OIM_HOME/server/platform/iam-platform-utils.jar:$WL_HOME/server/lib/wlfullclient.jar:$ORACLE_OIM_HOME/designconsole/ext/spring.jar:$ORACLE_OIM_HOME/designconsole/lib/oimclient.jar:$ORACLE_OIM_HOME/designconsole/ext/commons-logging.jar:$ORACLE_COMMON_HOME/modules/oracle.jrf_11.1.1/*:$ORACLE_OIM_HOME/modules/oracle.jps_11.1.1/*:$ORACLE_OIM_HOME/modules/*:$ORACLE_COMMON_HOME/modules/oracle.osdt_11.1.1/*:$ORACLE_OIM_HOME/modules/oracle.iau_11.1.1/*:$ORACLE_OIM_HOME/inventory/Scripts/ext/jlib/glassfish.jaxb_1.0.0.0_2-1-12.jar:$CLASSPATH 

 

Decryption Utility:

1. Create a DecryptPassword.java file on the Linux box where OIM is installed and the environment variables above are configured.

2. Write the code below in it.

import com.thortech.xl.crypto.*;

public class DecryptPassword {
    public static void main(String[] args) throws Exception {
        if (args.length >= 1) { // args[0] is the encrypted value to decrypt
            DecryptPassword oDecryptPwd = new DecryptPassword();
            String param = args[0];
            System.out.println("Password after decryption:" + oDecryptPwd.getDecryptedPassword(param));
        }
    }

    public String getDecryptedPassword(String encryptedPwd) throws tcCryptoException {
        String decryptedPwd = tcCryptoUtil.decrypt(encryptedPwd, "DBSecretKey"); // decrypt with the "DBSecretKey" key
        return decryptedPwd;
    }
}

3. Compile it using the command below.
javac DecryptPassword.java

4. Run it using the command below.
java -Doracle.security.jps.config=$DOMAIN_HOME/config/fmwconfig/jps-config.xml -DDOMAIN_HOME=$DOMAIN_HOME DecryptPassword 8650:OIuWk+mYHr6dCNKJfcbl4f9dfK6WidqzaSY47d21oh8=

Sample Input/Output:
Input : 8650:OIuWk+mYHr6dCNKJfcbl4f9dfK6WidqzaSY47d21oh8=
Output :  Welcome@123654

Encryption Utility:

1. Create an EncryptPassword.java file on the Linux box where OIM is installed and the environment variables above are configured.

2. Write the code below in it.

import com.thortech.xl.crypto.*;

public class EncryptPassword {
    public static void main(String[] args) throws Exception {
        if (args.length >= 1) { // args[0] is the clear-text password to encrypt
            EncryptPassword oEncryptPwd = new EncryptPassword();
            String param = args[0];
            System.out.println("Password after encryption: " + oEncryptPwd.getEncryptedPassword(param));
        }
    }

    public String getEncryptedPassword(String decryptedPwd) throws tcCryptoException {
        String encryptedPwd = tcCryptoUtil.encrypt(decryptedPwd, "DBSecretKey"); // encrypt with the "DBSecretKey" key
        return encryptedPwd;
    }
}
  
3. Compile it using the command below.
javac EncryptPassword.java

4. Run it using the command below.
java -Doracle.security.jps.config=$DOMAIN_HOME/config/fmwconfig/jps-config.xml -DDOMAIN_HOME=$DOMAIN_HOME EncryptPassword Welcome@123

Sample Input/Output:
Input : Welcome@123654
Output :   1164:4OQStpGN4yYTIkOzTcuIbrMx/rZwD6YoW2AcE5O6Vo4=
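
Both utilities take their input as a command-line argument, which leaves the clear-text password in shell history and visible in the process list while the JVM runs. The variant below is an added example, not part of the original post: it reads the value with java.io.Console.readPassword() instead. The class name EncryptPasswordPrompt is hypothetical, and it assumes the same CLASSPATH and the same tcCryptoUtil.encrypt call shown above.

```java
import com.thortech.xl.crypto.*;

import java.io.Console;
import java.util.Arrays;

// Added example, not from the original post. EncryptPasswordPrompt is a
// hypothetical class name; tcCryptoUtil.encrypt and "DBSecretKey" are used
// exactly as in EncryptPassword above.
public class EncryptPasswordPrompt {

    public static void main(String[] args) throws tcCryptoException {
        System.exit(run(System.console()));
    }

    // Returns the process exit code: 0 on success, 1 on bad input,
    // 2 when no interactive terminal is attached.
    static int run(Console console) throws tcCryptoException {
        if (console == null) {
            // No terminal attached (for example, input is piped or redirected):
            // refuse instead of falling back to a read that echoes the password.
            System.err.println("No interactive console available.");
            return 2;
        }
        char[] first = console.readPassword("Password to encrypt: ");
        char[] second = console.readPassword("Re-enter password: ");
        try {
            if (first == null || second == null || first.length == 0) {
                System.err.println("No password entered.");
                return 1;
            }
            if (!Arrays.equals(first, second)) {
                System.err.println("Entries do not match.");
                return 1;
            }
            // tcCryptoUtil takes a String, so one immutable copy is unavoidable.
            String encrypted = tcCryptoUtil.encrypt(new String(first), "DBSecretKey");
            System.out.println("Password after encryption: " + encrypted);
            return 0;
        } finally {
            // Overwrite the char[] buffers once they are no longer needed.
            if (first != null) Arrays.fill(first, '\0');
            if (second != null) Arrays.fill(second, '\0');
        }
    }
}
```

Compile and run it with the same javac and java commands as EncryptPassword, leaving off the trailing password argument.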

 

6 comments:

  1. This comment has been removed by a blog administrator.

  2. Do I need to have WebLogic server running locally to try this code? I am seeing the following error:
    WLS ManagedService is not up running. Fall back to use system properties for configuration.
    JPS Exception started ============
    oracle.security.jps.service.idstore.IdentityStoreException: JPS-00056: Failed to create identity store service instance idstore.ldap.provider:idstore.ldap. Reason: weblogic.security.service.SecurityServiceRuntimeException: The WLS ManagementService has not been initialized..

  3. I'm running the same code as given above and getting the following error. I'm running the code on a server where WebLogic and OIM are installed.

    Mar 25, 2019 1:36:23 AM oracle.iam.platform.utils.config.CSFCredentialProvider getPassword
    SEVERE: IAM-0077002
    oracle.security.jps.service.idstore.IdentityStoreException: JPS-00056: Failed to create identity store service instance idstore.ldap.provider:idstore.ldap. Reason: weblogic.security.service.SecurityServiceRuntimeException: The WLS ManagementService has not been initialized..
    at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider.getIdStoreConfig(LdapIdentityStoreProvider.java:175)
    at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider.access$200(LdapIdentityStoreProvider.java:90)
    at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider$NoLibOvd.getInstance(LdapIdentityStoreProvider.java:224)
    at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider.getInstance(LdapIdentityStoreProvider.java:116)
    at oracle.security.jps.internal.idstore.ldap.LdapIdentityStoreProvider.getInstance(LdapIdentityStoreProvider.java:90)
    at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139)
    at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:170)
    at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:191)
    at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:132)
    at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:159)
    at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:165)
    at oracle.iam.platform.utils.config.CSFCredentialProvider.getPassword(CSFCredentialProvider.java:74)
    at oracle.iam.platform.utils.config.standalone.StandAloneCryptoConfig.getPassword(StandAloneCryptoConfig.java:76)
    at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.initKeyStore(tcDefaultDBEncryptionImpl.java:67)
    at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.getCipher(tcDefaultDBEncryptionImpl.java:99)
    at com.thortech.xl.crypto.tcDefaultDBEncryptionImpl.decrypt(tcDefaultDBEncryptionImpl.java:218)
    at com.thortech.xl.crypto.tcCryptoUtil.decrypt(tcCryptoUtil.java:122)
    at com.thortech.xl.crypto.tcCryptoUtil.decrypt(tcCryptoUtil.java:163)
    at DecryptPassword.getDecryptedPassword(DecryptPassword.java:13)
    at DecryptPassword.main(DecryptPassword.java:8)
    Caused by: weblogic.security.service.SecurityServiceRuntimeException: The WLS ManagementService has not been initialized.
    at weblogic.security.utils.IdentityStoreConfigUtil.getSecurityConfiguration(IdentityStoreConfigUtil.java:138)
    at weblogic.security.utils.IdentityStoreConfigUtil.getLdapStoreConfig(IdentityStoreConfigUtil.java:84)
    at oracle.security.jps.wls.internal.idstore.WlsLdapIdStoreConfigProvider.getIdentityStoreConfig(WlsLdapIdStoreConfigProvider.java:9

  4. Change jps-config.xml to jps-config-jse.xml to get rid of the above errors.

  5. For OIM 12c, what to do? Some classpath libraries are not there.
