Saturday, February 23, 2013

Configure Change Password for Weblogic users in OBIEE 11g

Initially at my current engagement, we were using the inbuilt WebLogic LDAP for controlling user access to OBIEE 11g. We have since switched to using the EBS-ICX cookie SSO method (blog post on how to set this up coming soon), and are currently researching OID integration for SSO.

Side note, the "EBS-ICX" cookie method does not allow for use of Agents or BI Publisher within OBIEE. These are known oracle bugs, but according to the SR I had opened, they are not high on the list to be fixed.

[Update - 10/30/2013: I found a solution to this. Read my post here.]

One of the draw backs to using Weblogic for your Identity Store is that if a user wants to change their password, there is no means of doing so from within OBIEE. I searched the web, and found articles that covered parts, but not the whole thing. Continue on to read step by step instructions to get setup.


The scope of this post is to cover basic Jdeveloper tasks and OBIEE tasks. It also includes general setup instructions to customize the placement of the change password link within the OBIEE Global Header.

JDeveloper Steps

I used JDeveloper to build and deploy the webservice, so this blog post outlines the steps using that tool.
  • Open JDeveloper.

  • Create a New Application called Changepwd, and select Generic Application. Click Next.

  • Name the project PasswordChange, select Java as a Project Technology. Click Next.

  • Name the Default Package as Changepwd. Click Finish.

  • Create a new Java class file called Changepwd.

  • Paste in the contents of Changepwd.java to your new class file in JDeveloper.
    • Changepwd.java
    • Note: You will need to update the variables for weblogic hostname, port, username, and password.

  • Right Click on your main class and select Webservice Properties.

  • Select the default (Java EE 1.5, with support for JAX-WS Annotations), and click on Ok.

  • Select Methods and confirm that the method passwordChange is selected and click Ok.

  • Let’s now deploy the web service to the Weblogic server. Right Click on the project and click Deploy –> Webservices

  • Select Deploy to Application Server. Click Next.

  • Click to add a connection to the Weblogic server. Name it LocalWeblogic.
    • Note: This guide walks through setting up your local weblogic server, but you can easily replace your local info with the main server info you want the WAR deployed to.

  • Select the Application Server you just added, in our case LocalWeblogic. Click Next.

  • Select the second radio button, Deploy to selected instances in the domain. Make sure to check only the BI_cluster, not the AdminServer. Leave Deploy as a standalone Application selected. Click Next. Then click Finish.

  • A new tab in Jdeveloper should appear at the bottom of the screen called Deployment. Monitor here for a successful deployment message. This can take a few minutes.


OBIEE 11g Steps


The following steps take place from within OBIEE. They will create a simple Agent to invoke the webservice deployed above, and then create a hidden dashboard page to be a launch point for the agent.
  • Login to the OBIEE portal (http://localhost:9704/analytics)

  • Create a new Dashboard,called User Settings.
  • Under Location, select Browser…
  • From the Shared Folders folder, select New Folder. Name it User Account.

  • Select the radio button for Add content later (Create empty dashboard). Click Ok.

  • Click on the Catalog link, and navigate to the newly created folder, User Account.
  • Select Permissions to set the appropriate permissions on the new folder, BI Administrator should have Full Control. BI Consumer should have Open.
    • Make sure that Apply permissions to sub-folders and Apply permissions to items within folder are both selected.
  • Click Ok.

  • From the New menu in the OBIEE global navigation, select Action.

  • Choose Invoke Web Service from the popup menu.

  • Plug in the WSDL and click Open.
    • The URL would look like: http://<weblogic host>:<obiee port>/<package name>-<project name>-context-root/<package name>Port?WSDL
    • On my local, it is: http://localhost:9704/Changepwd-PasswordChange-context-root/ChangepwdPort?WSDL
  • Drill down until you can select passwordChange, and select it. Click Ok.

  • This opens up a new dialog box, enter the following values for the prompts (no quotes):
    • passwordChange_arg0 = "Username:"
    • passwordChange_arg1 = "Old Password:"
    • passwordChange_arg2 = "New Password:"
    • passwordChange_arg3 = "Confirm Password:"
  • For the Username argument, for Value select Session Variable, then type in USER and mark it as fixed and hidden.
    • This will force the password change to only work for the current logged in user.

  • Click the Options button to personalize the messages (again, no quotes):
    • Set Dialog Title to "Change Password"
    • Set Action Help Text to "Please enter your existing password and new password below."
    • Set Execute Button Text to "Change Password"
    • Leave all other options blank.

  • Click on the Action Results tab and enter the parameters for the return messages (again, no quotes):
    • Set Dialog Text to "@{passwordChangeResponse}"
    • Create one XPath variable:
      • Name: passwordChangeResponse
      • XPath Expression: Body/passwordChangeResponse/return
    • Set Dialog Title to "Result"

  • Click Ok. Click Save Action.
  • Save the action as Change Password into the User Account Shared Folder you created above.

  • Navigate to your newly created Dashboard, User Settings. Edit the dashboard by placing a new section. In that section, add a text item. Place the following into the text item (making sure to check the Contains HTML Markup box):
  • 
    <script type="text/javascript">
    document.getElementById("idPageOptions").style.display = "none";
    </script>
    Welcome to the change password page. This page will allow you to change your password for access to the Business Intelligence reporting application.<br><br>
    You are currently logged in as <b>@{biServer.variables['NQ_SESSION.USER']}</b>.<br><br>
    Please click the link below to begin the password reset process.
    
    
    

  • Click Ok. Edit the Column Properties. Click on Custom CSS Style Options (HTML Only) and add the following to the Use Custom CSS Style:

  • position:absolute;height:120px; margin-top:40px;


  • Click Ok.
  • Drag an Action Link below your text item in that same section. Name the link Change Password, and navigate to the saved Action Link you saved to the Shared Folder. Don’t define any values, just click on the Ok button.
  • Click Ok to close the Action Link Properties window.

  • On the main section properties, unselect Collapsible. Additionally, from the Section Properties, set the border position to None.

  • Click the icon to save the dashboard. Click the icon to view the results.

  • Click on Catalog. Navigate back to the new User Account folder you created. Select the folder, and then select Properties. Select Hidden, then click Ok.

OBIEE Server Steps

The following steps take place on the OBIEE server. All files references are for a Linux/Solaris install, but file locations will be similar for Windows.

  • Update the following files, to place a link to the Change Password in the header bar:
    • /apps/applobi/OBIEE11g/Oracle_BI1/bifoundation/web/app/res/b_mozilla/header.js
    • /apps/applobi/OBIEE11g/user_projects/domains/bifoundation_domain/servers/bi_server1/tmp/_WL_user/analytics_11.1.1/7dezjl/war/res/b_mozilla/header.js
  • For these two files, find the line:

  • 
    b.push(new obips.ContextMenu.MenuOption(saw.header.getLocalizedString("kmsgHeaderMyAccount"),"",null,new obips.Callback(this,this.onMyAccount)));
    
    


  • and replace it with:

  • 
    b.push(new obips.ContextMenu.MenuOption(saw.header.getLocalizedString("kmsgHeaderMyAccount"),"",null,new obips.Callback(this,this.onMyAccount)));b.push(new obips.ContextMenu.MenuOption(saw.header.getLocalizedString("kmsgHeaderCustomURL"),"",null,new obips.Callback(this,this.onCustomURL)));
    
    


  • then find the line:

  • 
    saw.header.NavBar.prototype.onMyAccount=function(){saw.header.Menubar.getManager().hidePopupPanel();var a=new saw.ondemandload.FuncProxy("obips.AccountInfo.launchDialog",{messageTemplate:"kuiMyAccountDialogHead"});a.exec()};
    
    


  • and replace it with:

  • 
    saw.header.NavBar.prototype.onMyAccount=function(){saw.header.Menubar.getManager().hidePopupPanel();var a=new saw.ondemandload.FuncProxy("obips.AccountInfo.launchDialog", {messageTemplate:"kuiMyAccountDialogHead"});a.exec()};saw.header.NavBar.prototype.onCustomURL=function(){var w = 1920, h = 1080; if (document.all) { w = document.body.clientWidth;h = document.body.clientHeight;x = window.screenTop;y = window.screenLeft;} else if (document.layers) { w = window.innerWidth;h = window.innerHeight;x = window.screenX;y = window.screenY;} var popW = 450, popH = 276;var leftPos = ((w-popW)/2)+y, topPos = ((h-popH)/2)+x;window.open('saw.dll?PortalPages&PortalPath %2Fshared%2FUser%20Account%2F_portal%2FUser%20Settings','passwordresetwindow','toolbar=no, menubar=no, scrollbars=no, resizable=no,location=no, directories=no, status=no, width='+popW+',height='+popH+',top='+topPos+',left='+leftPos);};
    
    



    • Note: Replace the bold part with the path to the location you saved the Action Link in OBIEE above.
  • Update the following file to add the resource id
    • /apps/applobi/OBIEE11g/Oracle_BI1/bifoundation/web/msgdb/common/saw.header.xml
  • For this file, add the following line:                          

  • <resource id="kmsgHeaderCustomURL" />

  • The next file will not exist out of the box, and needs to be created, along with any folders along the way.
    • /apps/applobi/OBIEE11g/instances/instance1/bifoundation/OracleBIPresentationServicesComponent/coreapplication_obips1/msgdb/l_en/customMessages/uicmsgs/saw.header.xml
  • For this file, you will be creating it, so make the contents:

  • 
    <?xml version="1.0" encoding="utf-8"?>
    <webmessagetables xmlns:sawm="com.siebel.analytics.web/message/v1">
    <webmessagetable lang="en-us" system="saw.header" table="Messages">
    
    <webmessage name="kmsgHeaderCustomURL"><text>Change Password</text></webmessage>
    
    </webmessagetable>
    </webmessagetables>
    
    

  • Restart the OBIEE services. You should now see a link under the User menu called Change Password. This will open a new window providing the user with simple instructions to change their password.

32 comments:

  1. Hi Ben,
    I followed up your document and I don't have cluster configured in my BI, so deployed to AdminServer. Deployment went fine. But when I try to Invoke WebService, gets an error saying WSDL not found. Do you know what could be happening?

    ReplyDelete
    Replies
    1. I do not have a cluster either, bi_cluster was just the name in the web logic instance after my OBIEE install. You should have two options when doing the deploy from JDeveloper, the AdminServer and your Managed Server (in my case called bi_cluster):

      – Managed Server : Set of J2EE Applications used for “functioning” the BIEE system

      – Admin Server : Set of J2EE Applications used for “administering” of BI EE system

      Either way, assuming the deploy was successful, you should be able to see the web service. Are you able to do a test from JDeveloper to connect to your newly deployed web service? If so, it is probably just a host name or port issue. If you deployed to the AdminServer, I believe the default port is 7001, so give that a try.

      Delete
  2. How can we mask the password fields to **** instead the real content?

    ReplyDelete
    Replies
    1. That is a good question, and something I started to explore. My guess is something could be done with Javascript, but there doesn't appear to be a way to hide the text with the out of the box OBIEE action framework.

      If I figure out a solution, i'll post another article with my findings.

      Delete
    2. If you found any solution please send it to my email:naveen.sietk@gmail.com

      Thanks in Advance
      naveen

      Delete
    3. Hi Naveen, Ben :- Did you find any way to mask the password field to **** instead of real content. ? Does it make any sense to change string field to password field in java program itself ???

      Delete
    4. Actually, I haven't looked back at this, as we never went live on the solution (instead using ICX Cookie, and later SSO with OID).

      I think it could be done with some JQuery possibly. I'm guessing we can add some javascript to the page, and then do something like what's mentioned here:

      http://stackoverflow.com/questions/1878942/input-type-conversion-jquery

      I don't know if i'll have time to explore this as an option, but if anyone does give it a try and gets it to work, please post back here.

      Delete
  3. Ben, Did you figure out a way to mask the password fields to "*****" ???

    Thanks
    Raghu

    ReplyDelete
    Replies
    1. I have not actually had much time to explore this. Out of the box, OBIEE Action Framework doesn't allow you to specify a field with an input type of password.

      I'm pretty sure some javascript could be written which would mask the text as it was entered into the field.

      Delete
  4. Hi Ben,

    I have to appreciate and thank you simultaneously for blogging this helpful post. I am able to get through this step "Create a new Java class file called Changepwd." but didn't know what to paste(where to get the contents from), if you get a chance can you please let me know that part. Thanks in advance!!

    ReplyDelete
    Replies
    1. Right under that step is a link to a file, Changepwd.java. It is kind of hard to see that it is a link.

      The URL for the file: https://docs.google.com/file/d/0B_shk9i3DvyhVmhOX0dvQkl6cTg/edit?usp=sharing

      Delete
  5. Thanks a bunch for quick turnaround, actually I did click on it earlier but since there was no preview available, didn't notice the download button. Appreciate it!!

    ReplyDelete
  6. Hi Ben
    Followed your document, really good thanks. I've got as far as creating the Action Link on the dashboard page to execute the ChangepwdService. However when I click the link, I get the popup dialog box, I enter Old Password, New Password, Confirm Password, click Change Password link but get the error message Error querying server...Trying to read a config value before initializing the reader.

    Any ideas what this means?

    Thanks
    Joanne

    ReplyDelete
  7. Hi Ben,
    I followed your document and configured password chenge.
    But when i tried to change the password i am getting the error " validation of old password failed " .
    how to resolve this issue.
    Please help me .

    ReplyDelete
  8. Hi Ben,
    Only Weblogic user is able to changing the password.
    Not other users.
    How can i make it possible.

    ReplyDelete
  9. Hi Ben,
    Did you ever try to apply that solution in an OBIEE 11.1.1.7.1?

    Regards,
    Gustavo

    ReplyDelete
    Replies
    1. I have not, as my current engagement is still using OBIEE 11.1.1.6.10. Also, since we are using EBS-ICX Cookie auth (and soon OID SSO), I will proabbly not be spending any more time on this as a solution.

      Delete
  10. Hi Ben,
    when i click change password my result is :
    validation of old password faild
    why?

    ReplyDelete
    Replies
    1. i have same result
      but i resolved
      check "select Session Variable" in edit action dialog box

      Delete
  11. Hi Ben,

    We have implemented JDeveloper and OBIEE Dashboard Steps and it's working perfectly. We have also implemented OBIEE Server steps but we are unable to get that change password option in drop down menu of user.

    We have created / replace the file or it's content in all the 4 path correctly. We have bounced the server also. still we are not getting the option.

    Is there any other steps which we need to follow for OBIEE server setting ??

    Thanks in Advance

    ReplyDelete
    Replies
    1. Hi Amit,

      The reason behind not getting the option in the OBIEE is a technical js Issue. If you try to open it in IE then you would get the expected output.
      While Debugging in Firefox, I found that the variable 'y' in header.js is getting null pointers and hence an exception. This could be solved by adding 'var w = 1920, h = 1080,y = 0,x = 0' ie. initializing x and y.

      Hope this solves the Issue.

      Regards,
      Chinmay Kale

      Delete
  12. me to facing same issue, please could you help me and facing below error

    Action could not be invoked.

    ServiceExecutionFailure :
    Error invoking web service ChangepwdService at endpoint http://xx.xx.xx.xx:9704/Changepwd-PasswordChange-context-root/ChangepwdPort Client received SOAP Fault from server : Failed to retrieve RMIServer stub: javax.naming.AuthenticationException [Root exception is javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User balaji javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User balaji denied]

    ReplyDelete
  13. Thanks for sharing your knowledge and time. it worked for me on Test instance BUT my production is on Exalytics and obiee version 11.1.1.7.1.3x
    Do i need to some extra step or this will work?
    thanks man for sharing your knowledge.

    ReplyDelete
  14. Hi Ben,

    I have deployed the webservice on Weblogic but facing the following error when execute from the OBIEE:

    ServiceExecutionFailure :
    Error invoking web service OBIChangepwdService at endpoint http://172.31.25.239:7001/Changepwd-Changepwd-context-root/OBIChangepwdPort Client received SOAP Fault from server : MustUnderstand headers:[{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}Security] are not understood

    ReplyDelete
    Replies
    1. I got the same error. How did you resolve this

      Delete
  15. Hi Ben,
    I followed your document and users can change their password now.
    But I still have one problem. Link in user menu has label "kmsgHeaderCustomURL" not "Change Password". Can you help me?

    OBIEE version is 11.1.1.7.0

    Thanks in Advance

    ReplyDelete
  16. Hi Ben,
    This is an wonderful information and i had successfully implemented. Just 2 questions can i know if we can set the password expiry for the user and throw an error if the new password is equal to old password. thank you

    ReplyDelete
  17. Hi am unable to find the solution for the bellow error, please can some one take a look into it ..


    he selected operation passwordChange could not be invoked.
    A fault occurred while invoking the webservice operation. The fault is :
    ns0:Server
    Failed to retrieve RMIServer stub: javax.naming.InvalidNameException: port must be an integer

    oracle.sysman.emInternalSDK.webservices.util.SoapTestException: Client received SOAP Fault from server : Failed to retrieve RMIServer stub: javax.naming.InvalidNameException: port must be an integer

    ReplyDelete
  18. This is such a great resource that you are providing and you give it away for free. I love seeing blog that understand the value of providing a quality resource for free.
    jiofi 2 settings

    ReplyDelete
  19. Hi Ben,

    When Im trying to click the Changepwd.java.There is the message.
    Sorry, the file you have requested does not exist.


    Make sure that you have the correct URL and the file exists.

    ReplyDelete
  20. Hello there!!

    I have successfully applied your solution and it worked very well, thank you. JioFiLocalHtml

    ReplyDelete
  21. Hi,
    Nice work.
    I cannot acces the code from Changepwd.java.
    I kindly ask you to repost or send it to my email.
    Thank you.
    Petre

    ReplyDelete