Appreciations accepted

Vladlen Litvinov, the author: If you have some job offer for me, I'm ready to discuss it. View Vladlen Litvinov's profile on LinkedIn

Password

Sunday, November 17, 2013

How to restore WAS BPM 8.5 administration password?

I have already written about restoring of BPM Admin password here
There are some changes in BPM 8.5 securuty.


1. All administrator's passwords stored in JAAS Authentication aliases. So you can see empty password in the old place.

Compare:

BPM 8:

<userRegistries xmi:type="security:WIMUserRegistry" xmi:id="WIMUserRegistry_1" serverId="admin" serverPassword="{xor}Fhc+KzoLNzYsFTA9" realm="defaultWIMFileBasedRealm" ignoreCase="true" useRegistryServerId="false" primaryAdminId="admin" registryClassName="com.ibm.ws.wim.registry.WIMUserRegistry"/>

BPM 8.5:

<userRegistries xmi:type="security:WIMUserRegistry" xmi:id="WIMUserRegistry_1" serverId="" serverPassword="{xor}" realm="defaultWIMFileBasedRealm" ignoreCase="true" useRegistryServerId="false" primaryAdminId="admin" registryClassName="com.ibm.ws.wim.registry.WIMUserRegistry"/>

2. Also, there are two administrator's account in BPM 8.5. First one is WAS administrator, second - BPM administrator (like tw_admin in BPM 7-8).

3. There is not any internal database - based repository in this version.

Then, how to restore our password?

Find a string like this in security.xml:

<authDataEntries xmi:id="JAASAuthData_1371751899480" alias="CellAdminAlias" userId="admin" password="{xor}PjsyNjE=" description="BPM Cell Administrator Alias"/>

 This is the encrypted password of WAS administrator. Decrypt it. You can use the old command with the new library:

/<BPM_Home_folder>/java/jre/bin/java -Djava.ext.dirs=/<BPM_Home_folder>/deploytool/itp/plugins/com.ibm.websphere.v85.core_1.0.1.v20121015_1658/wasJars -cp securityimpl.jar com.ibm.ws.security.util.PasswordDecoder {xor}PjsyNjE=

You get an error but the result appears:

encoded password == "{xor}PjsyNjE=", decoded password == "admin"

If you need BPM administrator's password, find the next alias and decrypt the password using the same command. 

<authDataEntries xmi:id="JAASAuthData_1371753790411" alias="BPMAdminAlias_PCenter" userId="wasadmin" password="{xor}KD4sPjsyNjE="/>

encoded password == "{xor}KD4sPjsyNjE=", decoded password == "wasadmin"
 

BTW, read this article by IBM Forgot password and cannot access WebSphere Application Server administrative console It is funny, is not it? If you forgot password, better to decrypt it, really? 

No comments:

Post a Comment