Monday, September 10, 2012

Resetting the expired OIM Password in OAM

Resetting the expired OIM database schema password in OAM


When the OIM schema password expires, the managed servers go into admin mode, so we need to reset the OIM password in OAM.

Step 1
Check the database default profile for the password expiry days parameter. If needed, you can change it to UNLIMITED, or you can continue with the default of 180 days. With the 180-day default, the password has to be reset before the 180 days are up, every time.

To check the profile:

SELECT * FROM dba_profiles WHERE profile='DEFAULT' AND resource_type='PASSWORD';

PROFILE                        RESOURCE_NAME                    RESOURCE LIMIT
------------------------------ -------------------------------- -------- ----------------------------------------
DEFAULT                        FAILED_LOGIN_ATTEMPTS            PASSWORD 10
DEFAULT                        PASSWORD_LIFE_TIME               PASSWORD 180
DEFAULT                        PASSWORD_REUSE_TIME              PASSWORD UNLIMITED
DEFAULT                        PASSWORD_REUSE_MAX               PASSWORD UNLIMITED
DEFAULT                        PASSWORD_VERIFY_FUNCTION         PASSWORD NULL
DEFAULT                        PASSWORD_LOCK_TIME               PASSWORD 1
DEFAULT                        PASSWORD_GRACE_TIME              PASSWORD 7


Connect as sys as sysdba and execute the following command to identify the status of the db user and the component:

SELECT owner, comp_name, version, status, upgraded
           FROM schema_version_registry
           WHERE comp_name LIKE '%Oracle%'
           ORDER BY 1, 2, 3, 4;

OWNER                COMP_NAME                      VERSION                        STATUS      U
-------------------- ------------------------------ ------------------------------ ----------- -
FA_OAM               Oracle Access Manager          11.1.1.3.0                     VALID       N
FA_OIM               Oracle Identity Manager        11.1.1.5.0                     VALID       N


Verify the status of the user 

SQL> select USERNAME,EXPIRY_DATE,LOCK_DATE,ACCOUNT_STATUS from dba_users
  2  where username like '%FA%';

USERNAME                       EXPIRY_DA LOCK_DATE ACCOUNT_STATUS
------------------------------ --------- --------- --------------------------------
FA_IAU_APPEND                  25-AUG-12           OPEN
FA_IAU_VIEWER                  25-AUG-12           OPEN
FA_IAU                         25-AUG-12           OPEN
FA_ORASDPM                     01-SEP-12           EXPIRED
FA_MDS                         01-SEP-12           EXPIRED
FA_OIM                         01-SEP-12           EXPIRED
FA_SOAINFRA                    01-SEP-12           EXPIRED
FA_OAM                         17-SEP-12           EXPIRED(GRACE)

8 rows selected.

Because of the password expiry, the managed servers switch to admin mode when we restart the managed servers in IDM.
Normally a managed server goes to admin mode when some of the applications deployed inside it did not come up. The same happens here: when the password expires, some of the applications will not come up on restart because they are not able to connect to the database.
If you need to change to running mode, click Resume for the managed servers and they go to the running mode.

The wls_oim and wls_soa servers are in admin mode, as these two servers connect with the OAM database, and the wla_oim and wls_ods connect with the OIDM database.


Check the IDM EM for more information on which applications went down.



Check the wls_oim managed server log file for the password expiry:

####<Sep 10, 2012 5:54:18 AM GST> <Warning> <JDBC> <hostname> <wls_oim1> <DmsThread-1> <<anonymous>> <> <ba0dbab1bd57560b:6d05bab5:139ac982dbd:-8000-0000000000000003> <1347242058362> <BEA-001129> <Received exception while creating connection for pool "mds-owsm": ORA-28001: the password has expired
####<Sep 10, 2012 5:54:18 AM GST> <Info> <JDBC> <hostname> <wls_oim1> <DmsThread-1> <<anonymous>> <> <ba0dbab1bd57560b:6d05bab5:139ac982dbd:-8000-0000000000000003> <1347242058362> <BEA-001156> <Stack trace associated with message 001129 follows:
java.sql.SQLException: ORA-28001: the password has expired
Caused By: oracle.mds.config.MDSConfigurationException: MDS-01330: unable to load MDS configuration document  
MDS-01329: unable to load element "persistence-config"
MDS-01370: MetadataStore configuration for metadata-store-usage "MAR_TargetRepos" is invalid.  
MDS-01377: Unable to get database connection from data source configured with JNDI name "jdbc/mds/MDS_REPOS".  
weblogic.common.resourcepool.ResourceDeadException: 0:weblogic.common.ResourceException: Could not create pool connection. The DBMS driver exception was: ORA-28001: the password has expired

Check the wls_soa server for the password expiry:

####<Sep 10, 2012 2:54:29 AM GST> <Warning> <JDBC> <hostname> <wls_soa1> <DmsThread-1> <<anonymous>> <> <ba0dbab1bd57560b:-7b50b7:139ac9823b1:-8000-0000000000000004> <1347231269517> <BEA-001129> <Received exception while creating connection for pool "EDNDataSource": ORA-28001: the password has expired
####<Sep 10, 2012 2:54:29 AM GST> <Info> <JDBC> <hostname > <wls_soa1> <DmsThread-1> <<anonymous>> <> <ba0dbab1bd57560b:-7b50b7:139ac9823b1:-8000-0000000000000004> <1347231269518> <BEA-001156> <Stack trace associated with message 001129 follows:
java.sql.SQLException: ORA-28001: the password has expired
<Sep 10, 2012 8:54:59 AM GST> <Warning> <JDBC> <BEA-001129> <Received exception while creating connection for pool "SOADataSource": ORA-28001: the password has expired
<Sep 10, 2012 8:54:54 AM GST> <Warning> <JDBC> <BEA-001129> <Received exception while creating connection for pool "SOALocalTxDataSource": ORA-28001: the password has expired
<Sep 10, 2012 8:54:50 AM GST> <Warning> <JDBC> <BEA-001129> <Received exception while creating connection for pool "oimOperationsDB": ORA-28001: the password has expired
<Sep 10, 2012 8:54:45 AM GST> <Warning> <JDBC> <BEA-001129> <Received exception while creating connection for pool "mds-owsm": ORA-28001: the password has expired
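To see which data sources on which managed server are failing before touching the console, the BEA-001129 warnings can be summarised per server and pool. This is an added example, not part of the original post: the function names are hypothetical, the sample lines are constructed in the two log formats shown above, and it goes slightly beyond the post by also tracking ORA-28000 (account locked) and ORA-01017 (invalid username/password), which appear when a data source keeps retrying with the old password after the reset.

```python
import re
from collections import defaultdict

# Oracle logon errors worth tracking around a schema password reset.
ORA_CODES = {
    "ORA-28001": "password expired",
    "ORA-28000": "account locked",
    "ORA-01017": "invalid username/password (stale data source password)",
}

# BEA-001129: WebLogic could not create a connection for a JDBC pool.
POOL_RE = re.compile(r'<BEA-001129> <Received exception while creating '
                     r'connection for pool "([^"]+)": .*?(ORA-\d{5})')

# Constructed sample in the two line formats shown in the post.
SAMPLE_LOG = '''\
####<Sep 10, 2012 5:54:18 AM GST> <Warning> <JDBC> <hostname> <wls_oim1> <DmsThread-1> <<anonymous>> <> <id-1> <1347242058362> <BEA-001129> <Received exception while creating connection for pool "mds-owsm": ORA-28001: the password has expired
####<Sep 10, 2012 5:54:18 AM GST> <Info> <JDBC> <hostname> <wls_oim1> <DmsThread-1> <<anonymous>> <> <id-1> <1347242058362> <BEA-001156> <Stack trace associated with message 001129 follows:
####<Sep 10, 2012 2:54:29 AM GST> <Warning> <JDBC> <hostname> <wls_soa1> <DmsThread-1> <<anonymous>> <> <id-2> <1347231269517> <BEA-001129> <Received exception while creating connection for pool "EDNDataSource": ORA-28001: the password has expired
<Sep 10, 2012 8:54:59 AM GST> <Warning> <JDBC> <BEA-001129> <Received exception while creating connection for pool "SOADataSource": ORA-28001: the password has expired
####<Sep 10, 2012 9:30:00 AM GST> <Warning> <JDBC> <hostname> <wls_oim1> <DmsThread-1> <<anonymous>> <> <id-3> <1347255000000> <BEA-001129> <Received exception while creating connection for pool "oimOperationsDB": ORA-01017: invalid username/password; logon denied
'''

def server_of(line):
    """Server name is the 5th <...> field of a '####' server-log line."""
    if not line.startswith("####"):
        return "unknown"  # the short console format has no server field
    fields = re.findall(r"<([^<>]*)>", line)
    return fields[4].strip() if len(fields) > 4 else "unknown"

def failing_pools(log_text):
    """Map (server, pool) -> set of Oracle logon error codes seen."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        m = POOL_RE.search(line)
        if m and m.group(2) in ORA_CODES:
            found[(server_of(line), m.group(1))].add(m.group(2))
    return dict(found)

if __name__ == "__main__":
    for (server, pool), codes in sorted(failing_pools(SAMPLE_LOG).items()):
        for code in sorted(codes):
            print(f"{server:10} {pool:18} {code}  {ORA_CODES[code]}")
```

With FAILED_LOGIN_ATTEMPTS at 10 in the profile shown earlier, a pool that keeps reporting ORA-01017 after the reset can lock the schema account, so every pool listed should be updated before the servers are restarted.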


Connect to the OAM database and use the alter user command to change the password for all the users which are expired.
If an account is expired and locked, you need to give it a new password; for accounts that are only expired, give the same password. Don't change the password for all the users: change it only for the OIM user, and for the remaining users you can use the same one.

alter user FA_OIM identified by <password>;

SQL> select USERNAME,EXPIRY_DATE,LOCK_DATE,ACCOUNT_STATUS from dba_users
  2   where username like '%FA%';

USERNAME                       EXPIRY_DA LOCK_DATE ACCOUNT_STATUS
------------------------------ --------- --------- --------------------------------
FA_SOAINFRA                    09-MAR-13           OPEN
FA_OIM                         09-MAR-13           OPEN
FA_MDS                         09-MAR-13           OPEN
FA_IAU                         25-AUG-12           OPEN
FA_OAM                         09-MAR-13           OPEN
FA_IAU_VIEWER                  25-AUG-12           OPEN
FA_IAU_APPEND                  25-AUG-12           OPEN
FA_ORASDPM                     09-MAR-13           OPEN


We need to change the password in the data sources of the managed servers. Log in to the IDM WebLogic console.

Navigate to Services and then to Data Sources under the Domain Structure.

Click Data Sources and select the data source whose password is to be modified.

Select the data source, change to Connection Pool, go to the password section and reset the password to the new password which was given in the database.

Save the configuration and repeat the steps for the second and third data sources under the oim cluster.

Change the password for all three data sources.


We need to change the password in the IDM EM also for it to take effect.
Navigate to the IDM domain, click the IDM domain, and then go to Security and Credentials.

Navigate to the Credentials, go to oim and select the oim schema password.

Edit the OidmSchemaPassword with the new password.

Once you change the password you will receive the confirmation message.

We need to change the password in the MBean also for it to take effect.

Navigate to Configuration MBeans->Security->myrealmOIMAuthenticationProvider

Change the password in DBPassword.

Restart the managed servers and the admin server.
Check the status of the managed servers after restarting.




