changing passwords in fusion applications_wp_v1.1
TRANSCRIPT
An Oracle White Paper May 2012
Oracle Fusion Applications Managing Passwords
Disclaimer
The following is intended to outline our general product direction. It is intended for information purposes only,
and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or
functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing
of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 2
Table of Contents
Introduction .................................................................................................................................................. 3
Administrators for Fusion Applications .................................................................................................... 3
Fusion Applications Super Administrator Users ....................................................................................... 5
Stop Fusion Applications ............................................................................................................................... 6
Changing APP ID Passwords .......................................................................................................................... 7
Changing Keystore Password ........................................................................................................................ 9
Changing Super User (FAdmin) Password ................................................................................................... 13
Changing System/Policy Users Password ................................................................................................... 15
Account Lock and Password Expiration Policies ......................................................................................... 15
Changing Fusion Applications Database Passwords ................................................................................... 16
Changing JDBC Data Sources .................................................................................................................. 16
Changing Credential Store Mapping ....................................................................................................... 20
Updating ESS Spawned Job Wallet ......................................................................................................... 22
Changing ODI Repository Password ........................................................................................................ 23
Changing BI Repository Password ........................................................................................................... 23
Updating ESSBase Registry...................................................................................................................... 26
Changing passwords in Oracle Metadata Repository schema ................................................................ 28
Changing Node Manager Password ............................................................................................................ 28
Changing BI System User Password ............................................................................................................ 29
Changing the Oracle Internet Directory Database Password ..................................................................... 29
Changing the Password for the ODSM Administrator Account .................................................................. 30
Restart Fusion Applications ........................................................................................................................ 30
Appendix A – Fusion Apps RUP1 Schema ................................................................................................... 32
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 3
Appendix B – Sample Python script ............................................................................................................ 34
Appendix C – Sample Input file for Fusion Applications Schemas .............................................................. 36
Introduction There are several types of administrative passwords that could be changed periodically based on
security requirements and standard operating procedures. The scope of this document is to reflect how
password changes in external components such as databases, IDMs, etc impacts Fusion Applications tier
and how to reconfigure them. This document covers critical password changes such as Fusion Apps
administrators, super users, Keystores, database schema, etc.
This document does not include IDM and Oracle database related administrative user password
changes. Also there is absolutely no attempt in this document on providing any best practices on
password management and security policies.
This document is targeted at experienced Fusion Applications System Administrators, Security
Architects, and Operation teams.
The sample code provided in any section is for demonstration purpose only.
Administrators for Fusion Applications
The application provisioning process bootstraps the provisioned environment with two administrator groups for each application family.
These two administrator groups are:
A system administrator - A directory group representing the WebLogic Server domain administrators for all the domains.
An application administrator - A directory group with an assigned enterprise role reflecting all the application roles and delegation privileges for all the applications in a given family.
The purpose of creating these "Super Administrators" during provisioning is to enable ongoing administration and/or delegation privileges. The above process facilitates separation of duties between system administration and application administration responsibilities, but you are free to assign the same user to both hierarchies ("system admin" and "application admin").
The following table shows the groups that are created for each family.
Provisioned Administrator Groups
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 4
Product Family/Product System Administrator Group
Application Administrator Group
Oracle Fusion Supply Chain Management FSCMSysAdmin FSCMAppAdmin
Oracle Fusion Customer Relationship Management
CRMSysAdmin CRMAppAdmin
Oracle Fusion Human Capital Management HCMSysAdmin HCMAppAdmin
Oracle Fusion Financials FINSysAdmin FINAppAdmin
Oracle Fusion Procurement PRCSysAdmin PRCAppAdmin
Oracle Fusion Project PRJSysAdmin PRJAppAdmin
Oracle Fusion Incentive Compensation OICSysAdmin OICAppAdmin
In addition a single user, known as the super user, is set up to belong to all the administrator groups.
That user becomes the administrator for all middleware and the application administrator for all
product families. This is typically known as FAAdmin as per Enterprise document guide (EDG).
The following diagram illustrates the relationship between the two groups.
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 5
Fusion Applications Super Administrator Users
It is important to distinguish between the two types of super-administrators that exist in the provisioning process.
Pre-seeded bootstrap user Designated super-user
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 6
In the context of the pre-seeded user, provisioning employs an identity known as the App ID that is required to bootstrap the WebLogic domains. The pre-configuration phase of provisioning automatically generates the credential needed for this App ID user.
In the context of the designated super user, during the interview phase of provisioning, you are asked to specify the user ID of the designated "real" user who will be set up as the Middleware Administrator and Functional Setup Manager. As per EDG, this is FAAdmin user. Although FAAdmin user can be used for this purpose, a 'real' user should be used in bare metal provisioning for better security and auditing. This can be achieved by supplying the username of the 'real' user in the Provisioning Wizard instead of FAAdmin.
Stop Fusion Applications
To prepare the environment for the password changes:
1. Stop all user requests by stopping the Oracle HTTP server. 2. Stop all the Fusion Applications Servers (including Admin Servers). Please consult the following doc
to start/stop Fusion Applications using “fastartstop” utility. 3. Stop all “opmn” processes such as BI, GOP, etc. depending on your Fusion Applications installation
type. 4. Do not shutdown Node Manager. 5. Update user profiles in the Oracle Database to prevent account lockout:
a. Log in to the database as a user with DBA privileges. b. Get a list of all profiles in the Oracle Database using SQL: c. SQL> SELECT profile, username FROM dba_users ORDER BY 1;
You should see most schemas with profile 'DEFAULT' and a few other profiles, including the profile SEARCHSYS_PROF used by SEARCHSYS.
d. Find existing settings for failed login attempts: e. SQL> SELECT * FROM dba_profiles WHERE resource_name = 'FAILED_LOGIN_ATTEMPTS';
At a minimum, write down the settings for DEFAULT and SEARCHSYS_PROF.
f. Alter the default profile to have unlimited login attempts: g. SQL> ALTER PROFILE default LIMIT FAILED_LOGIN_ATTEMPTS UNLIMITED; h. Alter the SEARCHSYS_PROF profile to have unlimited login attempts: i. SQL> ALTER PROFILE searchsys_prof LIMIT FAILED_LOGIN_ATTEMPTS UNLIMITED;
6. Update the passwords you want to change in the Oracle Database using a tool such as SQL*Plus. 7. Start up only the Administration Servers of all the domains
Please consult the following doc to start/stop Fusion Applications using “fastartstop” utility.
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 7
Changing APP ID Passwords When invoking Web services, Oracle Fusion Applications must rely on a type of credential known as the
Application ID or App ID. Each application has its own App ID which is initially provisioned for the
application.
The following sample Application Identities are predefined. For complete list, please consult the following doc (http://docs.oracle.com/cd/E28271_01/fusionapps.1111/e16689/F323386AN14D2F.htm#F114032AN1631A).
Application Identity Code Application Identity Name
FUSION_APPS_ECSF_SES_ADMIN_APPID Oracle Fusion Search Administrator Application Identity (CRM)
FUSION_APPS_OBIA_BIEE_APPID Business Intelligence Applications Extract Transform and Load Application Identity
FUSION_APPS_OIM_SPML_APPID Oracle Identity Manager Application Identity
FUSION_APPS_CRM_SOA_APPID Web Services Application Identity (CRM)
FUSION_APPS_FIN_SOA_APPID Web Services Application Identity (Financials)
FUSION_APPS_HCM_SOA_APPID Web Services Application Identity (HCM)
FUSION_APPS_PRC_SOA_APPID Web Services Application Identity (Procurement)
FUSION_APPS_PRJ_ESS_APPID Enterprise Scheduler Job Application Identity (Projects)
FUSION_APPS_PRJ_SOA_APPID Web Services Application Identity (Projects)
FUSION_APPS_SCM_SOA_APPID Web Services Application Identity (SCM)
FUSION_APPS_SETUP_ESS_APPID Enterprise Scheduler Job Application Identity (Setup)
… …
Get list of APPIDs from your Environment
Run the following command to get the list of all the entries for which the passwords need to be set:
Export ORACLE_HOME= $ORACLE_BASE/product/fmw/idm/bin ($ORACLE_BASE/product/fmw is a
Fusion Middleware home).
$ORACLE_HOME/bin/ldapsearch -h idmhost.mycompany.com -p 389 -D
"cn=orcladmin" -w <password> -b
'cn=AppIdUsers,cn=Users,dc=mycompany,dc=com' -s sub
'objectclass=orclAppiduser' cn >& reset.txt
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 8
Sample Content of reset.txt:
cn=FUSION_APPS_BI_APPID,cn=AppIDUsers,cn=Users,dc=mycompany,dc=com cn=FUSION_APPS_BI_APPID cn=FUSION_APPS_ATK_ADF_APPID,cn=AppIDUsers,cn=Users,dc=mycompany,dc=com cn=FUSION_APPS_ATK_ADF_APPID cn=FUSION_APPS_CRM_ADF_SOAP_APPID,cn=AppIDUsers,cn=Users,dc=mycompany,dc=com cn=FUSION_APPS_CRM_ADF_SOAP_APPID cn=FUSION_APPS_CRM_ECSF_SEARCH_APPID,cn=AppIDUsers,cn=Users,dc=mycompany,dc=com cn=FUSION_APPS_CRM_ECSF_SEARCH_APPID
Changing APP IDs Passwords
Changing APP IDs password has a ripple effect on various configurations including Credential Stores
(CSF) in Fusion Applications. The App Id passwords are stored in the credential store (encrypted) and
that is how Fusion Applications get the password values before talking to other applications/web
services. Once the APPID passwords are changed in LDAP, the corresponding entries in CSF must be
changed. Oracle does not support it as it is a manual, tedious and error prone process at this time. In
future releases, Oracle may provide a utility to change these passwords that will automate the process.
The APP ID passwords are generated randomly when Fusion Applications is provisioned. They are
completely secured, encrypted and no human will ever have to use these APP IDs.
Changing FUSION_APPS_PROV_PATCH_APPID using custom passwords
The only exception is to change password of “FUSION_APPS_PROV_PATCH_APPID” (if absolutely
necessary). The Fusion Applications uses “FUSION_APPS_PROV_PATCH_APPID” to manage life cycle of
Weblogic Admin and Managed servers. The new password must be reflected in Weblogic’s
“boot.properties” file of all the domains.
You could change “FUSION_APPS_PROV_PATCH_APPID” password from Administrative Console of IDM
or Weblogic; or using the following ldap command:
Create ldif file as “update_apps_prov_patch.ldif” cn= FUSION_APPS_PROV_PATCH_APPID,cn=AppIDUsers,cn=Users,dc=mycompany,dc=com
changetype: modify
replace: userPassword
userPassword: new_password
Use LDAPMODIFY command as
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 9
$ORACLE_HOME/bin/ldapmodify -h oid_hostName -p oid_port -D
“cn=orcladmin” -w orcladmin_password -f <update_apps_prov_patch.ldif>
Note: $ORACLE_HOME= $ORACLE_BASE/product/fmw/idm/bin ($ORACLE_BASE/product/fmw is a
Fusion Middleware home).
Changing boot.properties file with new password
Since “FUSION_APPS_PROV_PATCH_APPID” this APP ID’s password is reset, the boot.properties of
Admin Server must be modified with new password in all the domains respectively.
Run the following command (for each domain) to get encrypted password string of
FUSION_APPS_PROV_PATCH_APPID:
Set environment: . $FUSION_APPS_HOME/wlserver_10.3/server/bin/setWLSenv.sh
Go to each domain directory such as: $ORACLE_BASE/config/domains/<Host
Name>/CommonDomain
Run the following command: java weblogic.security.Encrypt Welcome1
This will echo the encrypt string that must be replaced in boot.properties.
Modify boot.properties in AdminServer/security folder.
Note: The encrypted password string must be generated for each domain.
Changing Keystore Password There are multiple Keystores used in Fusion Apps including in IDM, database and OHS. These are the
following sample Keystores instructions to change their password:
1. Keystore to store public and private keys for all secure web services connections within the domain: <domain_directory><domain_name>/config/fmwconfig/default-keystores.jks
2. Keystore to enable host name verification for the Node Manager a. Custom Trust Keystore :
$ORACLE_BASE/products/fusionapps/wlserver_10.3/server/lib/fusion_trust.jks b. Custom Identity Keystore for each machine:
$ORACLE_BASE/products/fusionapps/wlserver_10.3/server/lib/<hostname>_fusion_trust.jks (Alias is <hostname>_fusion).
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 10
Oracle Fusion Middleware provides these tools for keystore operations:
WLST, a command-line interface for JKS keystores and wallets orapki, a command-line tool for wallets Fusion Middleware Control, a graphical user interface the keytool utility
If an Oracle wallet or JKS keystore was created with tools such as orapki or keytool, it must be imported prior to using WLST and Fusion Middleware Control. Please consult the following doc for more information.
Changing Keystore password using “keytool” utility
Please follow the following steps to change the keystore password:
1. Change directory to $ORACLE_BASE/products/fusionapps/wlserver_10.3/server/lib
2. Run the following command to change the password used to protect the integrity of the
keystore contents:
keytool -storepasswd -new <NewPassword> -keystore
fusion_trust.jks -storepass <Original Password>
3. Run the following command to change the password used which the private/secret key
identified by alias is protected, from old_keypass to new_keypass:
keytool -keypasswd {-alias alias} [-keypass old_keypass] [-new new_keypass] -keystore fusion_trust.jks [-storepass storepass] {-v} {-Jjavaoption}
Once the password is changed, you must re-configure all Weblogic domain and respective servers to reflect new password.
Configure Weblogic Domain default_keystore.jks
Navigate to <Weblogic Domain>/<Domain Name>. Select “Security Provider Configuration” as shown here:
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 11
Change password by clicking “Configure” under Keystore section as shown below:
Once the keystore password and paraphrase are changed, please change respectively the keystore and SSL configiration of all the servers in a domain.
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 12
Note: Repeat the above steps for all the domains
Configure Admin and managed Servers for each domain to reflect new keystore password
Please login to Weblogic Administrative Console and navigate it to Environment/Servers. For each server select Configuration and then Keystore tab. Please see the following screens to update Passphrase. (Repeat for all servers and respective domains)
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 13
Note: The keystore password can only be changed if “old” password is available.
Changing Super User (FAdmin) Password This is a super user that was provided during Fusion Applications Provisioning plan – typically FAAdmin
as per EDG. You can change the password of the administrative user using the Oracle WebLogic Server
Administration Console, WLST command line, ODSM (Oracle Directory Service Manager) console or LDIF
(LDAP Data Interchange Format) command.
Since Fusion Applications users are provisioned through OID, the best practice is to change the password
from ODSM console or using LDIF command.
Changing FAAdmin password Using ODSM console
To change the password of the Oracle Fusion Middleware administrative user using ODSM Console:
Navigate to the ODSM Console. (For example, from the home page of the domain in Fusion Applications Control, select “To configure and managed this WebLogic Domain, use the Oracle WebLogic Server Administration Console”.)
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 14
Changing FAAdmin password Using LDIF Command
Create a LDIF file such as “updatePassword.ldif” with the following entries
dn: cn=FAAdmin,cn=Users,dc=mycompany,dc=com changetype: modify replace: userPassword userPassword: new_password
Use LDAPMODIFY command
$ORACLE_HOME/bin/ldapmodify -h oid_hostName -p oid_port -D
“cn=orcladmin” -w orcladmin_password -f updatePassword.ldif
Note: $ORACLE_HOME= $ORACLE_BASE/product/fmw/idm/bin ($ORACLE_BASE/product/fmw is a
Fusion Middleware home).
Changing the Oracle Fusion Middleware Administrative User Password Using the WLST Command
Line
To change the Oracle Fusion Middleware administrative user password or other user passwords using the command line, you invoke the UserPasswordEditorMBean.changeUserPassword method, which is extended by the security realm's AuthenticationProvider MBean.
Start a WLST session as follows:
Run wlst.sh from
<path_to_domain_home_of_the_domain>/fusionapps/oracle_common/common/bin.
Connect to the domain.
nmConnect('<node_manager_user_name>','<node_manager_password>','<node_
manager_machine_name>','< node_manager_machine_port>', '<domain
name>','<path_to_domain_home_of_the_domain>')
Example:
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 15
nmConnect('bootstrap_admin','welcome','<hostname>','5556',
'CommonDomain','/oracle/fusion/top/instance/domains/weblogic1.company.
com/CommonDomain')
WLST Script
from weblogic.management.security.authentication import
UserPasswordEditorMBean
print "Changing password ..."
atnr=cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthentica
tionProvider("DefaultAuthenticator")
atnr.changeUserPassword('my_user','my_password','new_password')
print "Changed password successfully"
Please consult the following doc
(http://docs.oracle.com/cd/E23943_01/web.1111/e13715/config_wls.htm#i1019970) for more
information.
Changing System/Policy Users Password These are the following system (or Policy) users provisioned by Fusion Applications: “PolicyRWUser”,
“PolicyROUser”, “IDRWUser”, “IDROUser”. The passwords are changed like any other OID user through
ODSM console or LDAP as described earlier. However, changing some of these passwords impacts CSF
(Credential Stores) keys.
The map and key for “PolicyRWUser” and “IDROUser” respectively are as follows:
oracle.patching, FUSION_APPS_PATCH_POLICY_STORE-KEY
oracle.patching, FUSION_APPS_PATCH_ID_STORE-KEY
Please consult the following section to change CSF keys.
Account Lock and Password Expiration Policies The default password policy for Oracle Internet Directory enforces:
Password expiration in 120 days
Account lockout after 10 login failures. Except for the superuser account, all accounts remain
locked for a duration of 24 hours unless the passwords are reset by the directory administrator.
A user account stays locked even after the lockout duration has passed unless the user binds
with the correct password.
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 16
When Fusion Applications is provisioned, the APP IDs container do not have password expiration policy,
but system (or policy) users such as “PolicyRWUser”, “PolicyROUser”, “IDRWUser”, “IDROUser” have
password expiration policy. These are the following alternatives to handle password expiration policy:
1. Disable password expiration policy. If password is already expired then change the password to
same “old password” and disable the expiration policy to prevent it in future. This ensures that
no changes are required in respective Credential Stores.
2. Change the password and then consult the following section to change the respective Credential
Stores (CSF) keys.
Option “1” is recommended until in future releases Oracle provides complete listing of Credential Stores
Mappings (similar to APP IDs).
Please consult the following doc to manage Password Policies.
Changing Fusion Applications Database Passwords Changing Fusion Applications database schema passwords impact several components in middle tier
stack, such as JDBC data sources, Credential Store mappings, and various repositories. Please follow the
Oracle database documentation on how to change schema passwords in the database.
Changing JDBC Data Sources These objects contain properties such as the URL or user name and password. Application components
use data sources to obtain connections to a relational database. They are known as Weblogic Data
Sources.
Please see Appendix A of database schemas based on Fusion Applications RUP1 (New schemas could be
added in later Fusion Apps versions).
The best approach is to create a WLST script to modify JDBC data sources with new password. The
alternative option is to change it for each data source from Weblogic Console.
Sample WLST Script for demonstration purpose only
Once the schema password is changed in the database, please see the following sample to update
respective data sources:
Sample
Let’s assume there are 3 schemas jrd1, jrd2 and jrd3 with password “Welcome1”. There are 3 respective
jdbc data sources. The CommonDomain has jrdtest1 and jrdtest2; and HCMDomain has jrdtest3. All 3
data sources for the sample are targeted to soa_server1 respectively by domain.
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 17
The following Python script demonstrates how to change the password of jdbc data sources:
import sys
import os
import ConfigParser
import time
from datetime import datetime
_wlsUsername = 'weblogic_fa'
_wlsPassword = 'Welcome1'
_domainT3UrlProperty = 'domain.url.t3'
_schemaSectionName = 'SCHEMAS'
_fsSectionName = 'CommonDomain'
def updateDatasourcesInOneDomain(_wlsUsername, _wlsPassword,
_domainT3Url, _parser):
connect(_wlsUsername,_wlsPassword,_domainT3Url)
_dsNames = ls('/JDBCSystemResources', returnMap='true',
returnType='c')
edit()
startEdit()
for _dsName in _dsNames:
jdbcSR = lookup(_dsName,"JDBCSystemResource")
theJDBCResource = jdbcSR.getJDBCResource()
driverParams = theJDBCResource.getJDBCDriverParams()
driverProperties = driverParams.getProperties()
# update schema password if schema user is specified in the
input file
_userprop = driverProperties.lookupProperty('user')
_userval = _userprop.getValue()
#print '***user is:' + _userval
if _parser.has_option(_schemaSectionName, _userval):
print '*** Updating the password of datasource ' + _dsName +
' (username=' + _userval + ')'
_dbPassword = _parser.get(_schemaSectionName, _userval)
print 'password is:' + _dbPassword
driverParams.setPassword(_dbPassword)
save()
activate(block="true")
disconnect()
Read the input file as follows:
# read the input file
try:
_inputFile = sys.argv[1]
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 18
'*********************************************************************
************************'
print '* Input file: ' + _inputFile
print '*** Reading ' + str(_inputFile) + '...'
_parser = ConfigParser.ConfigParser()
_parser.optionxform = str
_parser.read(_inputFile)
except:
'*********************************************************************
************************'
print '* Error:'
sys.exit(2)
Call the above function as: # update the datasource passwords
for _sectionName in _parser.sections():
if _parser.has_option(_sectionName, _domainT3UrlProperty):
# get domain t3 url
_domainT3Url = _parser.get(_sectionName, _domainT3UrlProperty)
print '*** Retrieved ' + _sectionName + ' domain t3 url: ' +
_domainT3Url
try:
print '************Update Datasource password'
updateDatasourcesInOneDomain(_wlsUsername, _wlsPassword,
_domainT3Url, _parser)
except:
dumpStack()
sys.exit(1)
print '***Successfully updated datasource '
exit()
The sample input file is:
[SCHEMAS]
##########
jrd1=newWelcome1
jrd2=newWelcome1
jrd3=newWelcome1
[CommonDomain]
# The WLS admin URL for the Common Domain
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 19
domain.url.t3=t3://scmhost1as1.us.oracle.com:7001
[HCMDomain]
# The WLS admin URL for the Common Domain
domain.url.t3=t3://scmhost1as1.us.oracle.com:9401
Run the Python script as follows:
$FA_HOME/wlserver_10.3/common/bin/wlst.sh $SCRIPT_PATH/<script_name>.py $
SCRIPT_PATH/<input_filename>.ini
Please see the following screen shots for output:
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 20
Note: The password output value is for debugging only. You should remove it from your production
script.
You can modify Fusion Applications data sources based on the input file provided in Appendix C.
Changing Credential Store Mapping In Oracle Fusion Applications, credentials used for various components such as patching, BI Enterprise,
Security, etc are stored securely, based in the Lightweight Directory Access Protocol (LDAP) Credential
Store Framework (CSF), where they can be retrieved when required transparently. Some of this
credential mapping contains database schema and password keys. Hence when schema passwords are
changed, the respective CSF mapping must be updated.
The CSF mappings are in “CommonDomain”. They can be managed from Fusion Middleware Control
(EM). However, one should create WLST scripts to automate the process. The following screens shots
provide the reference on how to browse CSF maps from EM:
Log in to Fusion Middleware Control and navigate to Domain > Security > Credentials, to display the
Credentials page
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 21
Creating WLST script to automate CSF mappings
Enhanced the database schema password script to include CSF updates. Create another Python function
as follows:
def updateCredentialPasswords(_wlsUsername, _wlsPassword, _domainT3Url, _parser):
if _parser.has_option(_fsSectionName, _domainT3UrlProperty):
_domainT3Url = _parser.get(_fsSectionName, _domainT3UrlProperty)
connect(_wlsUsername,_wlsPassword,_domainT3Url)
for _sectionName in _parser.sections():
# only look at section whose name is an expected credential map name
if _sectionName in _expectedCredMapList:
_map = _sectionName
for _key in _parser.options(_map):
_schemaUsername = _parser.get(_map, _key)
_password = ''
if _parser.has_option(_schemaSectionName, _schemaUsername):
_password = _parser.get(_schemaSectionName, _schemaUsername)
if _password.__len__() > 0:
_credFound = 'false'
try:
print '*** Deleting existing credential with map [' + _map + '] and key
[' + _key + ']. Failure indicates that no such credential exists.'
deleteCred(map=_map, key=_key)
_credFound = 'true'
except:
dumpStack()
if _credFound == 'true':
_now = str(datetime.now())
_desc = 'Reset at ' + _now
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 22
createCred(map=_map, key=_key, user=_schemaUsername, password=_password,
desc=_desc)
print '*** Credential with map [' + _map + '] and key [' + _key + '] has
been reset at ' + _now
else:
print '*** Skipping reset of credential with map [' + _map + '] and key
[' + _key + ']. Credential does not exist.'
else:
print '*** Skipping reset of credential with map [' + _map + '] and key [' +
_key + ']. Input file does not contain password for schema username "' + _schemaUsername + '"'
else:
print '*** Skipping reset of credential with map [' + _map + '] and key [' +
_key + ']. Input file does not contain schema username "' + _schemaUsername + '"'
disconnect()
else:
print '*** Cannot find section [CommonDomain] with property "' + _domainT3UrlProperty + '".
Skipping credential store password reset.'
# update the credential store passwords
updateCredentialPasswords(_wlsUsername, _wlsPassword, _domainT3Url, _parser)
Updating ESS Spawned Job Wallet A configured Oracle wallet enables spawned jobs to connect to the database at the command line. A provisioned Fusion applications environment will have this wallet pre-configured. Configuring a spawned job involves creating an environment file and configuring an Oracle wallet. This wallet stores “fusion_runtime” schema password used by ESS jobs.
The “environment.properties” is located at $ORACLE_BASE/config/ess/config. This property file includes
critical properties that are required to update Wallet such as:
Wallet Location $ORACLE_CSF_WALLET_LOC
Database Name $TWO_TASK
TNSAdmin Path $TNS_ADMIN
Syntax to Update Wallet:
mkstore –wrl walletLocation –modifyCredential dbName dbUser dbPassword
Run the following command:
1. Go to command prompt $TNS_ADMIN
2. Execute mkstore –wrl $ORACLE_CSF_WALLET_LOC –modifyCredential $TWO_TASK
fusion_runtime <NewPassword>
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 23
Changing ODI Repository Password
There are two database schemas FUSION_ODI and FUSION_ODI_STAGE that must be updated in ODI work repository.
Oracle Fusion Applications Provisioning does not install ODI Studio. You must install ODI Studio to change work repository password.
To change the ODI work repository password from ODI Studio:
1. Start the ODI Studio and, in the Connection profile, uncheck the Work Repository 2. Verify that the password of Master Repository database is OK 3. In ODI Studio, go to the Topology Manager > Work Repositories 4. Edit the Work Repository, click on the "Connection" icon button, and set the appropriate
password.
5. Double-click the work repository. The Work Repository Editor opens. 6. On the Definition tab of the Work Repository Editor click Change password. 7. Enter the current password and the new one. 8. Click OK.
Changing BI Repository Password
Each repository has a password that is used to encrypt its contents. You create the repository password when you create a new repository file, or when you upgrade a repository from a previous release of Oracle Business Intelligence.
You can change the repository password using the Administration Tool in offline mode, or using the “obieerpdpwdchg” utility. You cannot change the repository password when the repository is open in the Administration Tool in online mode.
The obieerpdpwdchg utility is especially useful when you want to change the repository password on Linux and UNIX systems where the Administration Tool is not available. You cannot change the repository password when the repository is open in online mode.
After you change the repository password in the Administration Tool, you must also publish the updated repository and specify the new password in Fusion Middleware Control. Specifying the repository password in Fusion Middleware Control enables the password to be stored in an external credential store, so that the Oracle BI Server can retrieve it to load the repository.
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 24
Changing the Oracle BI Repository password using Administration Tool
1. Open the repository in the Administration Tool in offline mode. 2. Select File, then select Change Password. 3. Enter the current (old) password. 4. Enter the new password and confirm it. The repository password must be longer than five
characters and cannot be empty. 5. Click OK. 6. Save and close the repository. 7. Open a Web browser and log in to Fusion Middleware Control from the computer where the
updated repository is located. 8. In the navigation tree, expand Business Intelligence and then click coreapplication to display the
Business Intelligence Overview page. 9. Display the Repository tab of the Deployment page. 10. Click Lock and Edit Configuration. 11. Click Browse next to Repository File. Then, select the updated repository file and click Open. 12. Enter the new (updated) repository password in the Repository Password and the Confirm
Password fields.
Make sure to specify the password that has been set in the repository. If the passwords do not match, the Oracle BI Server fails to start, and an error is logged in nqserver.log.
13. Click Apply, then click Activate Changes. 14. Return to the Business Intelligence Overview page and click Restart.
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 25
Changing the Oracle BI Repository Password Using “obieerpdpwdchg” Utility
Follow these steps to change the repository password using the obieerpdpwdchg utility, and then publish the modified repository in Fusion Middleware Control:
1. Run bi-init to launch a command prompt or shell window that is properly initialized.
For Example:
Linux:ORACLE_INSTANCE/bifoundation/OracleBIApplication/coreapplication/setup/bi-init.sh
Windows Client Installation: ORACLE_HOME/bifoundation/server/bin/bi-init.bat
Windows All other Installation Types: ORACLE_INSTANCE/bifoundation/OracleBIApplication/coreapplication/setup/bi-init.cmd
2. At the command prompt, type obieerpdpwdchg with the following arguments: o -I name_and_path_of_existing_repository
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 26
o -O path_of_new_repository
Then, enter the current (old) password and the new password when prompted. The repository password must be longer than five characters and cannot be empty. For example:
obieerpdpwdchg -I my_repos.rpd -O my_changed_repos.rpd Please enter the repository password: my_old_password Please enter a new repository password: my_new_password
Note that passwords are masked on the command line unless you include the -C option to disable masking.
3. Open a Web browser and log in to Fusion Middleware Control from the computer where the updated repository is located.
4. In the navigation tree, expand Business Intelligence and then click coreapplication to display the Business Intelligence Overview page.
5. Display the Repository tab of the Deployment page. 6. Click Lock and Edit Configuration. 7. Click Browse next to Repository File. Then, select the updated repository file and click
Open. 8. Enter the new (updated) repository password in the Repository Password and the
Confirm Password fields.
Make sure to specify the password that has been set in the repository. If the passwords do not match, the Oracle BI Server fails to start, and an error is logged in nqserver.log.
9. Click Apply, then click Activate Changes. 10. Return to the Business Intelligence Overview page and click Restart.
Updating ESSBase Registry
Essbase Server uses a database schema password stored in the “reg.properties” file.
Change ESSBase Registry properties as follows:
The “updateRegProperties.py” is located at:
$ORACLE_BASE/products/fusionapps/bi/bifoundation/install
Syntax is:
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 27
updateRegProperties.py biHome biInstance DbUrl DbUserName DbNewPassword DbDriverClass
Run the following command to update registry:
wlst.sh
$ORACLE_BASE/products/fusionapps/bi/bifoundation/install/updateR
egProperties.py $BIHOME $BIINST
jdbc:oracle:thin:@<dbhostname>:1592/ems2671 FUSION_BI_PLATFORM
newpasss “oracle.jdbc.OracleDriver”
Where $BIHOME is $ORACLE_BASE/products/fusionapps/bi and BIInstance is
<INSTANCE_DIR>/config/BIInstance/config
Change EPM Registry as follow:
$BIInstance/config/foundation/11.1.2.0/epmsys_registry.sh updateencryptedproperty
HOST/database_conn/@dbPassword DbNewPassword
Example of $BIInstance is <INSTANCE_DIR>/config/BIInstance/config/foundation/11.1.2.0
Change ESSBase Monitoring Credential as follows:
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 28
Changing passwords in Oracle Metadata Repository schema Oracle Metadata Services (MDS) repository contains metadata for the Oracle Fusion Applications and
some Oracle Fusion Middleware component applications. The schema passwords are stored in the
Oracle database. Since, MDS is configured to use JDBC data sources no action is required.
Changing Node Manager Password
The Node Manager account authenticates the connection between a client (for example, the Administration Server) and Node Manager. In an Oracle Fusion Applications installation, this user is specified on the Installation Location page of the Provisioning Wizard.
Please consult the "Specify Node Manager Username and Password" section in the Oracle Fusion Middleware Node Manager Administrator's Guide for Oracle WebLogic Server.
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 29
Changing BI System User Password The BISystemUser account provides access to the Oracle Business Intelligence system components.
Please consult "Default Users and Passwords" section in the Oracle Fusion Middleware Security Guide for
Oracle Business Intelligence Enterprise Edition
Changing the Oracle Internet Directory Database Password
The Oracle Internet Directory uses a password when connecting to its own designated Oracle database. The default for this password when you install Oracle Internet Directory is the same as that for the Oracle Fusion Middleware administrator. You can change this password by using oidpasswd.
The following example shows how to change the Oracle Internet Directory database password, assuming the database in on the same machine.
oidpasswd connect=dbs1 change_oiddb_pwd=true current password: oldpassword new password: newpassword confirm password: newpassword password set.
Changing the OID Super user Password by Using Fusion Middleware Control
To change the password for the superuser by using Oracle Enterprise Manager Fusion Middleware Control:
1. Select Administration, then Shared Properties from the Oracle Internet Directory menu. 2. Click the Change Superuser Password tab. 3. Specify the old password. 4. Specify the new password. 5. Confirm the new password. 6. Click Apply.
Changing the Superuser password Using ldapmodify
To set or modify a user name or password for the superuser, use ldapmodify to modify the
attribute orclsuname or orclsupassword, respectively, in the DSE root. Changing the user
name of the superuser can have serious repercussions and is not recommended.
To change the password of the superuser to superuserpassword, use an LDIF file such as
the following:
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 30
dn:
changetype:modify
replace:orclsupassword
orclsupassword:superuserpassword
Changing the Password for the ODSM Administrator Account
Oracle Internet Directory connects to its Oracle Database, using the password specified for the ODS schema during schema creation. It also connects to retrieve its metrics using the ODSSM schema password, given during schema creation as well.The Oracle Enterprise Manager Fusion Middleware Control default password, at the end of install, is the same as the ODSSM password.
To change the password for the ODSSM administrator, you must change it in the Oracle Database and then change it on both the WebLogic domain server and on each Oracle instance in the domain. Use the following procedure:
1. Use SQLPlus or a similar tool to alter the password in the database. 2. Invoke wlst and connect to the WebLogic server. 3. java weblogic.WLST 4. connect('weblogic', 'weblogic_user_password', 'protocol:host:port') 5. Run the following WLST command: 6. upupdateCred(map='odssm',keu='ODSSM_instance_name',
password='newpassword',user='ODSSM') 7. On each Oracle instance in the WebLogic domain, execute the following command line: 8. ORACLE_HOME/ldap/bin/oidcred odssm update [instanceName] 9. Update the component registration of the Oracle instance, as described in "Updating the
Component Registration of an Oracle Instance by Using opmnctl"
Restart Fusion Applications Restore the User Profiles in the Oracle Database and restart the Oracle Fusion Applications Environment
Please bounce all Managed Servers after the tool runs, so that the Managed Servers read the updated configuration information.
To restart the Managed Servers:
1. Restore values of user profiles in the Oracle Database: a. Log in to the database as a user with DBA privileges.
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 31
b. Alter the default profile to have unlimited login attempts. The following syntax assumes the original value was 10.
c. ALTER PROFILE default LIMIT FAILED_LOGIN_ATTEMPTS 10; d. Restore the SEARCHSYS_PROF. The following syntax assumes the original value
was 10. e. ALTER profile DEFAULT LIMIT FAILED_LOGIN_ATTEMPTS 10;
2. Shut down the Administration Servers. 3. Start all the Admin and Managed Servers. Please consult the following doc to start/stop
Fusion Applications using “fastartstop” utility. 4. Start all “opmn” processes such as BI, GOP, etc depending on your Fusion Applications
installation type. 5. Start Oracle HTTP Server, so users can resume sending requests.
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 32
Appendix A – Fusion Apps RUP1 Schema
These are the database schemas implemented based on Fusion Applications RUP1 (New schemas could
be added in later Fusion Apps versions).
CRM_FUSION_MDS_SOA CRM_FUSION_SOAINFRA FIN_FUSION_MDS_SOA FIN_FUSION_SOAINFRA FUSION FUSION_ACTIVITIES FUSION_APM FUSION_AQ FUSION_BI FUSION_BIPLATFORM FUSION_DISCUSSIONS FUSION_DISCUSSIONS_CRAWLER FUSION_DQ FUSION_DYNAMIC FUSION_IPM FUSION_MDS FUSION_MDS_ESS FUSION_MDS_SPACES FUSION_OCSERVER11G FUSION_ODI FUSION_ODI_STAGE FUSION_ORA_ESS FUSION_ORASDPLS FUSION_ORASDPM FUSION_ORASDPSDS FUSION_ORASDPXDMS FUSION_OTBI FUSION_PORTLET FUSION_RUNTIME FUSION_WEBCENTER HCM_FUSION_MDS_SOA HCM_FUSION_SOAINFRA OIC_FUSION_MDS_SOA OIC_FUSION_SOAINFRA PRC_FUSION_MDS_SOA PRC_FUSION_SOAINFRA PRJ_FUSION_MDS_SOA PRJ_FUSION_SOAINFRA SCM_FUSION_MDS_SOA SCM_FUSION_SOAINFRA SEARCHSYS SETUP_FUSION_MDS_SOA
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 33
SETUP_FUSION_SOAINFRA
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 34
Appendix B – Sample Python script import sys
import os
import ConfigParser
import time
from datetime import datetime
_wlsUsername = 'weblogic_fa'
_wlsPassword = 'Welcome1'
_domainT3UrlProperty = 'domain.url.t3'
_wlstSectionName = 'WLS'
_schemaSectionName = 'SCHEMAS'
_servicenameName = 'servicename'
_fusionruntimeName = 'fusion_runtime'
_fsSectionName = 'CommonDomain'
def updateDatasourcesInOneDomain(_wlsUsername, _wlsPassword, _domainT3Url, _parser):
connect(_wlsUsername,_wlsPassword,_domainT3Url)
_dsNames = ls('/JDBCSystemResources', returnMap='true', returnType='c')
edit()
startEdit()
for _dsName in _dsNames:
jdbcSR = lookup(_dsName,"JDBCSystemResource")
theJDBCResource = jdbcSR.getJDBCResource()
driverParams = theJDBCResource.getJDBCDriverParams()
driverProperties = driverParams.getProperties()
# update schema password if schema user is specified in the input file
_userprop = driverProperties.lookupProperty('user')
_userval = _userprop.getValue()
#print '***user is:' + _userval
if _parser.has_option(_schemaSectionName, _userval):
print '*** Updating the password of datasource ' + _dsName + ' (username=' + _userval +
')'
_dbPassword = _parser.get(_schemaSectionName, _userval)
print 'password is:' + _dbPassword
driverParams.setPassword(_dbPassword)
save()
activate(block="true")
disconnect()
# read the input file
try:
_inputFile = sys.argv[1]
print '*** Reading ' + str(_inputFile) + '...'
_parser = ConfigParser.ConfigParser()
_parser.optionxform = str
_parser.read(_inputFile)
except:
print '* Error:'
sys.exit(2)
# update the datasource passwords
for _sectionName in _parser.sections():
if _parser.has_option(_sectionName, _domainT3UrlProperty):
# get domain t3 url
_domainT3Url = _parser.get(_sectionName, _domainT3UrlProperty)
print '*** Retrieved ' + _sectionName + ' domain t3 url: ' + _domainT3Url
try:
print '************Update Datasource password'
updateDatasourcesInOneDomain(_wlsUsername, _wlsPassword, _domainT3Url, _parser)
except:
dumpStack()
sys.exit(1)
print '***Successfully updated datasource '
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 35
exit()
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 36
Appendix C – Sample Input file for Fusion Applications Schemas [SCHEMAS]
#
# Passwords for all schemas in the Fusion Apps database which
# are used by Fusion Apps and could have corresponding
# data sources or CSF entries.
#
# Used to update data sources and CSF entries to contain
# the new schema passwords.
#
# This list is static for a given Fusion Apps version.
# New schemas could be added in later Fusion Apps versions.
# -------------------------------------------------------------
#
CRM_FUSION_MDS_SOA=crm_fusion_mds_soa
CRM_FUSION_SOAINFRA=crm_fusion_soainfra
FIN_FUSION_MDS_SOA=fin_fusion_mds_soa
FIN_FUSION_SOAINFRA=fin_fusion_soainfra
FUSION=fusion
FUSION_ACTIVITIES=fusion_activities
FUSION_APM=fusion_apm
FUSION_AQ=fusion_aq
FUSION_BI=fusion_bi
FUSION_BIPLATFORM=fusion_biplatform
FUSION_DISCUSSIONS=fusion_discussions
FUSION_DISCUSSIONS_CRAWLER=fusion_discussions_crawler
FUSION_DQ=fusion_dq
FUSION_DYNAMIC=fusion_dynamic
FUSION_IPM=fusion_ipm
FUSION_MDS=fusion_mds
FUSION_MDS_ESS=fusion_mds_ess
FUSION_MDS_SPACES=fusion_mds_spaces
FUSION_OCSERVER11G=fusion_ocserver11g
FUSION_ODI=fusion_odi
FUSION_ODI_STAGE=fusion_odi_stage
FUSION_ORA_ESS=fusion_ora_ess
FUSION_ORASDPLS=fusion_orasdpls
FUSION_ORASDPM=fusion_orasdpm
FUSION_ORASDPSDS=fusion_orasdpsds
FUSION_ORASDPXDMS=fusion_orasdpxdms
FUSION_OTBI=fusion_otbi
FUSION_PORTLET=fusion_portlet
FUSION_RUNTIME=fusion_runtime
FUSION_WEBCENTER=fusion_webcenter
HCM_FUSION_MDS_SOA=hcm_fusion_mds_soa
HCM_FUSION_SOAINFRA=hcm_fusion_soainfra
OIC_FUSION_MDS_SOA=oic_fusion_mds_soa
OIC_FUSION_SOAINFRA=oic_fusion_soainfra
PRC_FUSION_MDS_SOA=prc_fusion_mds_soa
PRC_FUSION_SOAINFRA=prc_fusion_soainfra
PRJ_FUSION_MDS_SOA=prj_fusion_mds_soa
PRJ_FUSION_SOAINFRA=prj_fusion_soainfra
SCM_FUSION_MDS_SOA=scm_fusion_mds_soa
SCM_FUSION_SOAINFRA=scm_fusion_soainfra
SEARCHSYS=searchsys
SETUP_FUSION_MDS_SOA=setup_fusion_mds_soa
SETUP_FUSION_SOAINFRA=setup_fusion_soainfra
SYS=sys
#
# The [*Domain] sections list all Fusion Apps WLS domains that contain
# data sources to be updated.
#
# The list will not change in a given Fusion Apps release, but could
# change in future releases.
# -------------------------------------------------------------
#
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 37
[CommonDomain]
#
# The WLS admin URL for the Common Domain
#
domain.url.t3=t3://fa-internal.us.oracle.com:7001
[FinancialDomain]
# The WLS admin URL for the Financials Domain
domain.url.t3=t3://fa-internal.us.oracle.com:7401
[SCMDomain]
# The WLS admin URL for the SCM Domain
domain.url.t3=t3://fa-internal.us.oracle.com:7801
[HCMDomain]
# The WLS admin URL for the HCM Domain
domain.url.t3=t3://fa-internal.us.oracle.com:9401
[CRMDomain]
# The WLS admin URL for the CRM Domain
domain.url.t3=t3://fa-internal.us.oracle.com:9001
[PRJDomain]
# The WLS admin URL for the PRJ Domain
domain.url.t3=t3://fa-internal.us.oracle.com:8601
[BIDomain]
# The WLS admin URL for the BI Domain
domain.url.t3=t3://fa-internal.us.oracle.com:10201
[oracle.apps.security]
#
# CSF key names and corresponding schema names for the CSF map
# oracle.apps.security.
#
# Used to update the password stored along with the schema name
# for each listed CSF entry.
#
# You should not need to change these values.
# -------------------------------------------------------------
#
FUSION_APPS_ECSF_SES_ADMIN-KEY=SEARCHSYS
FUSION-DB-KEY=FUSION_RUNTIME
[oracle.patching]
#
# CSF key names and corresponding schema names for the CSF map
# oracle.patching.
#
# Used to update the password stored along with the schema name
# for each listed CSF entry.
#
# You should not need to change these values.
# -------------------------------------------------------------
#
FUSION_ACTIVITIES-KEY=FUSION_ACTIVITIES
FUSION_APM-KEY=FUSION_APM
FUSION_APPS_BIPLATFORM-KEY=FUSION_BIPLATFORM
FUSION_APPS_CRM_MDS_SOA_SCHEMA-KEY=CRM_FUSION_MDS_SOA
FUSION_APPS_CRM_SOAINFRA-KEY=CRM_FUSION_SOAINFRA
FUSION_APPS_DBA-KEY=SYS
FUSION_APPS_FIN_MDS_SOA_SCHEMA-KEY=FIN_FUSION_MDS_SOA
FUSION_APPS_FIN_SOAINFRA-KEY=FIN_FUSION_SOAINFRA
FUSION_APPS_HCM_MDS_SOA_SCHEMA-KEY=HCM_FUSION_MDS_SOA
FUSION_APPS_HCM_SOAINFRA-KEY=HCM_FUSION_SOAINFRA
FUSION_APPS_MDS-KEY=FUSION_MDS
FUSION_APPS_MDS_ESS-KEY=FUSION_MDS_ESS
FUSION_APPS_MDS_SPACES-KEY=FUSION_MDS_SPACES
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 38
FUSION_APPS_ODI_SCHEMA-KEY=FUSION_ODI
FUSION_APPS_OIC_MDS_SOA_SCHEMA-KEY=OIC_FUSION_MDS_SOA
FUSION_APPS_OIC_SOAINFRA-KEY=OIC_FUSION_SOAINFRA
FUSION_APPS_PATCH_FUSION_DYNAMIC_SCHEMA-KEY=FUSION_DYNAMIC
FUSION_APPS_PATCH_FUSION_RUNTIME_SCHEMA-KEY=FUSION_RUNTIME
FUSION_APPS_PATCH_FUSION_SCHEMA-KEY=FUSION
FUSION_APPS_PRC_MDS_SOA_SCHEMA-KEY=PRC_FUSION_MDS_SOA
FUSION_APPS_PRC_SOAINFRA-KEY=PRC_FUSION_SOAINFRA
FUSION_APPS_PRJ_MDS_SOA_SCHEMA-KEY=PRJ_FUSION_MDS_SOA
FUSION_APPS_PRJ_SOAINFRA-KEY=PRJ_FUSION_SOAINFRA
FUSION_APPS_SCM_MDS_SOA_SCHEMA-KEY=SCM_FUSION_MDS_SOA
FUSION_APPS_SCM_SOAINFRA-KEY=SCM_FUSION_SOAINFRA
FUSION_APPS_SETUP_MDS_SOA_SCHEMA-KEY=SETUP_FUSION_MDS_SOA
FUSION_APPS_SETUP_SOAINFRA-KEY=SETUP_FUSION_SOAINFRA
FUSION_APPS_UCM-KEY=FUSION_OCSERVER11G
FUSION_APPS_WEBCENTER-KEY=FUSION_WEBCENTER
FUSION_ORA_ESS-KEY=FUSION_ORA_ESS
SEARCHSYS-KEY=SEARCHSYS
[oracle.bi.enterprise]
#
# CSF key names and corresponding schema names for the CSF map
# oracle.bi.enterprise.
#
# Used to update the password stored along with the schema name
# for each listed CSF entry.
#
# You should not need to change these values.
# -------------------------------------------------------------
#
scheduler.schema=FUSION_BIPLATFORM
Fusion Applications – Changing Passwords
Copyright © 2012 Oracle Corporation Page 39
Oracle Fusion Applications:
Managing Passwords
May 2012
Author: Jack Desai, A-Team
Oracle Corporation
World Headquarters
500 Oracle Parkway
Redwood Shores, CA 94065 U.S.A.
Worldwide Inquiries:
Phone: +1.650.506.7000
Fax: +1.650.506.7200
oracle.com
Copyright © 2011, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. UNIX is a registered trademark licensed through X/Open Company, Ltd. 1010