OIM no longer allows the user password to be decrypted from the User form. As a workaround, we can fetch the password from the Process form and decrypt it using the code below:
package Retry_Failed;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import javax.security.auth.login.LoginException;
import com.thortech.xl.dataaccess.tcDataBaseClient;
import com.thortech.xl.dataaccess.tcDataProvider;
import com.thortech.xl.dataaccess.tcDataSet;
import Thor.API.tcResultSet;
import Thor.API.Operations.tcFormInstanceOperationsIntf;
import Thor.API.Operations.tcUserOperationsIntf;
import Thor.API.Security.XLClientSecurityAssociation;
import oracle.iam.platform.OIMClient;
import oracle.iam.provisioning.api.ProvisioningService;
import oracle.iam.provisioning.vo.Account;
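/**
 * Administrative lookup tool: finds an OIM user row by login, prints the user's
 * challenge question/answer pairs, locates the user's primary ODSEE ("LDAP User")
 * account and prints the value of the password field on that account's process form.
 *
 * <p>Everything this class prints is secret material (challenge answers and the
 * provisioned LDAP password) and it goes to {@code System.out}; run it only where
 * stdout is not captured by a shared or persistent log.
 */
public class Decrypt
{
    /** Client handle created by {@link #init()} and shared by every lookup below. */
    private static OIMClient oimClient;

    /**
     * Creates the {@link OIMClient} and logs in with the administrator account.
     *
     * <p>Host, port, credentials and the JAAS config path are placeholders that must be
     * filled in before running. Because the credentials are compiled into the class,
     * a filled-in copy must not be checked in or shared.
     *
     * @throws LoginException if OIM rejects the login
     */
    public static void init() throws LoginException {
        String hostName = "oim_hostname";
        String port = "oim_port_no";
        System.out.println("Creating client....");
        String ctxFactory = "weblogic.jndi.WLInitialContextFactory";
        String serverURL = "t3://" + hostName + ":" + port;
        String username = "xelsysadm";
        String password = "xelsysadm_Password";
        // OIMClient reads the JAAS login configuration and app-server type from system
        // properties. The path is a placeholder; the WebLogic client file is normally
        // named authwl.conf.
        System.setProperty("java.security.auth.login.config",
            "Location of Local authwl.comf");
        System.setProperty("APPSERVER_TYPE", "wls");
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, ctxFactory);
        env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, serverURL);
        oimClient = new OIMClient(env);
        System.out.println("Logging in");
        oimClient.login(username, password);
        System.out.println("Log in successful");
    }

    /**
     * Entry point: logs in, queries the USR table for the configured login, prints the
     * user's challenge answers and then the LDAP account password.
     *
     * <p>When the query matches several rows, the key and login of the last row are the
     * ones used for the account lookup. When it matches none the program stops instead of
     * continuing with an empty user key (which previously produced a NumberFormatException
     * inside {@link #getChallengeQuesAns(String)}).
     *
     * @param args unused
     * @throws Exception propagated from the account or process-form lookups
     */
    public static void main(String args[]) throws Exception
    {
        init();
        // The database client only works once the logged-in client handle is registered.
        XLClientSecurityAssociation.setClientHandle(oimClient);
        tcDataProvider dbProvider = new tcDataBaseClient(); // connection to the OIM schema
        tcDataSet dataSet = new tcDataSet(); // holds the rows of the executed query
        // Placeholder literal: replace with the USR_LOGIN of the user to look up.
        String query = "SELECT * FROM USR where USR_LOGIN in UPPER('USR_LOGIN of User to Decrypt password For')";
        dataSet.setQuery(dbProvider, query);
        dataSet.executeQuery();
        int records = dataSet.getTotalRowCount();
        if (records == 0) {
            System.out.println("No USR row matched the query; nothing to do");
            return;
        }
        String usr_key = "";
        String userLogin = null;
        for (int i = 0; i < records; i++) {
            dataSet.goToRow(i);
            usr_key = dataSet.getString("USR_KEY");
            userLogin = dataSet.getString("USR_LOGIN");
            String userStatus = dataSet.getString("USR_STATUS");
            System.out.printf("User Login: %s\nStatus: %s\nKey: %s\n\n", userLogin, userStatus, usr_key);
        }
        Map<String, String> challengeQuestionAnswer = getChallengeQuesAns(usr_key);
        for (Entry<String, String> entry : challengeQuestionAnswer.entrySet()) {
            System.out.println("Question : " + entry.getKey() + " Answer : " + entry.getValue());
        }
        long procInstKey = getProcessInstKeyOfRes("LDAP User", usr_key, new String[] { "Provisioned", "Enabled" }, oimClient, userLogin);
        String passkey = getLDAPPassword(oimClient, procInstKey);
        // The recovered password is written to stdout in clear.
        System.out.println("Entering into password:: " + passkey);
    }

    /**
     * Reads the challenge question/answer pairs stored for a user.
     *
     * @param usr_key USR_KEY of the user, as a decimal string
     * @return question to answer map; empty when the user has no challenge values or when
     *         the lookup fails (failures are printed and otherwise ignored so that
     *         {@link #main(String[])} can still continue with the password lookup)
     */
    private static Map<String, String> getChallengeQuesAns(String usr_key) {
        Map<String, String> challengeQuestionAnswers = new HashMap<String, String>();
        try {
            tcUserOperationsIntf userOperationsIntf = (tcUserOperationsIntf) oimClient
                .getService(tcUserOperationsIntf.class);
            tcResultSet resultSet = userOperationsIntf
                .getChallengeValuesForUser(Long.parseLong(usr_key));
            if (resultSet == null || resultSet.isEmpty()) {
                System.out.println("ResultSet is Empty or null");
                return challengeQuestionAnswers;
            }
            int rowCount = resultSet.getRowCount();
            for (int j = 0; j < rowCount; j++) {
                resultSet.goToRow(j);
                // One question/answer pair per row; the earlier version re-read the same
                // pair once for every column of the row.
                String question = resultSet.getStringValue("Users.Password Challenge Question.Question");
                String answer = resultSet.getStringValue("Users.Password Challenge Question.Answer");
                challengeQuestionAnswers.put(question, answer);
            }
        } catch (Exception e) {
            // Best effort by design: report and return whatever was collected.
            e.printStackTrace();
        }
        return challengeQuestionAnswers;
    }

    /**
     * Finds the process instance key of the user's primary ODSEE account.
     *
     * <p>Matching is by substring: the application instance name must contain
     * {@code "ODSEE"} and the account descriptive field must contain {@code userLogin}.
     * The account must also be of type {@code Primary} and in one of {@code statusArray}.
     * If several accounts match, the last one wins.
     *
     * @param res_Name resource object name; currently unused, the filter is the
     *                 {@code "ODSEE"} substring above
     * @param userkey USR_KEY of the user, as a decimal string
     * @param statusArray account statuses that are acceptable (exact, case-sensitive)
     * @param oimClient logged-in client
     * @param userLogin login the account's descriptive field must contain
     * @return the process instance key, or {@code 0L} when no account matched
     * @throws Exception wrapping any failure of the provisioning lookup (cause preserved)
     */
    public static long getProcessInstKeyOfRes(String res_Name, String userkey, String[] statusArray, OIMClient oimClient, String userLogin)
        throws Exception
    {
        long longProcessInstanceKey = 0L;
        String methodName = "getProcessInstKeyOfRes():::";
        ProvisioningService ps = (ProvisioningService) oimClient.getService(ProvisioningService.class);
        try {
            System.out.println(methodName + "Entering into method:: " + methodName);
            List<Account> userAccount = ps.getAccountsProvisionedToUser(userkey);
            System.out.println(methodName + "size of list--->" + userAccount.size());
            System.out.println(userAccount);
            List<String> acceptedStatuses = Arrays.asList(statusArray);
            for (Account account : userAccount) {
                boolean odseeAccountOfUser = account.getAppInstance().toString().contains("ODSEE")
                    && account.getAccountDescriptiveField().toString().contains(userLogin);
                if (!odseeAccountOfUser) {
                    continue;
                }
                boolean activePrimary = acceptedStatuses.contains(account.getAccountStatus().toString())
                    && account.getAccountType().toString().equalsIgnoreCase("Primary");
                if (activePrimary) {
                    System.out.println(methodName + " >>>>>> account.getAccountType() " + account.getAccountType());
                    System.out.println(methodName + " >>>>>> account.getAccountStatus() " + account.getAccountStatus());
                    System.out.println(methodName + " >>>>>> account.getProcessInstanceKey() " + account.getProcessInstanceKey());
                    longProcessInstanceKey = Long.parseLong(account.getProcessInstanceKey().toString());
                }
            }
            System.out.println(methodName + "longProcessInstanceKey --->" + longProcessInstanceKey);
        } catch (Exception e) {
            System.out.println(methodName + ".START().ERROR()-> " + e.getMessage());
            // Keep the original exception as the cause; the earlier version discarded it.
            throw new Exception("ERROR", e);
        }
        return longProcessInstanceKey;
    }

    /**
     * Reads the {@code UD_LDAP_USR_PASSWORD} field from the process form of an account.
     *
     * <p>If the form has several rows, the value from the last row is returned. The value is
     * whatever {@code getProcessFormData} returns for the field; this code does not decrypt
     * anything itself.
     *
     * @param oimClient logged-in client
     * @param procInstKey process instance key; values of {@code 0} or less are skipped
     * @return the password field value, or {@code null} when the key is not positive or the
     *         form has no rows
     * @throws Exception wrapping any failure of the form lookup (cause preserved)
     */
    public static String getLDAPPassword(OIMClient oimClient, long procInstKey)
        throws Exception
    {
        String ldapPassword = null;
        String methodName = "getLDAPPassword():::";
        String usrID = null;
        try {
            System.out.println(methodName + "Entering into method:: " + methodName);
            if (procInstKey > 0L) {
                tcFormInstanceOperationsIntf formInstanceOperationsIntf =
                    (tcFormInstanceOperationsIntf) oimClient.getService(tcFormInstanceOperationsIntf.class);
                tcResultSet resultSet = formInstanceOperationsIntf.getProcessFormData(procInstKey);
                int rowCount = resultSet.getRowCount();
                System.out.println(methodName + "rowCount = " + rowCount);
                for (int j = 0; j < rowCount; j++) {
                    resultSet.goToRow(j);
                    ldapPassword = resultSet.getStringValue("UD_LDAP_USR_PASSWORD");
                    usrID = resultSet.getStringValue("UD_LDAP_USR_USERID");
                }
            }
            System.out.println(methodName + "usrID = " + usrID);
            System.out.println(methodName + "Exiting method:: " + methodName);
        } catch (Exception e) {
            System.out.println(methodName + ".START().ERROR()-> " + e.getMessage());
            // Keep the original exception as the cause; the earlier version discarded it.
            throw new Exception("ERROR", e);
        }
        return ldapPassword;
    }
}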
package Retry_Failed;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import javax.security.auth.login.LoginException;
import com.thortech.xl.dataaccess.tcDataBaseClient;
import com.thortech.xl.dataaccess.tcDataProvider;
import com.thortech.xl.dataaccess.tcDataSet;
import Thor.API.tcResultSet;
import Thor.API.Operations.tcFormInstanceOperationsIntf;
import Thor.API.Operations.tcUserOperationsIntf;
import Thor.API.Security.XLClientSecurityAssociation;
import oracle.iam.platform.OIMClient;
import oracle.iam.provisioning.api.ProvisioningService;
import oracle.iam.provisioning.vo.Account;
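/**
 * Administrative lookup tool: finds an OIM user row by login, prints the user's
 * challenge question/answer pairs, locates the user's primary ODSEE ("LDAP User")
 * account and prints the value of the password field on that account's process form.
 *
 * <p>Everything this class prints is secret material (challenge answers and the
 * provisioned LDAP password) and it goes to {@code System.out}; run it only where
 * stdout is not captured by a shared or persistent log.
 */
public class Decrypt
{
    /** Client handle created by {@link #init()} and shared by every lookup below. */
    private static OIMClient oimClient;

    /**
     * Creates the {@link OIMClient} and logs in with the administrator account.
     *
     * <p>Host, port, credentials and the JAAS config path are placeholders that must be
     * filled in before running. Because the credentials are compiled into the class,
     * a filled-in copy must not be checked in or shared.
     *
     * @throws LoginException if OIM rejects the login
     */
    public static void init() throws LoginException {
        String hostName = "oim_hostname";
        String port = "oim_port_no";
        System.out.println("Creating client....");
        String ctxFactory = "weblogic.jndi.WLInitialContextFactory";
        String serverURL = "t3://" + hostName + ":" + port;
        String username = "xelsysadm";
        String password = "xelsysadm_Password";
        // OIMClient reads the JAAS login configuration and app-server type from system
        // properties. The path is a placeholder; the WebLogic client file is normally
        // named authwl.conf.
        System.setProperty("java.security.auth.login.config",
            "Location of Local authwl.comf");
        System.setProperty("APPSERVER_TYPE", "wls");
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, ctxFactory);
        env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, serverURL);
        oimClient = new OIMClient(env);
        System.out.println("Logging in");
        oimClient.login(username, password);
        System.out.println("Log in successful");
    }

    /**
     * Entry point: logs in, queries the USR table for the configured login, prints the
     * user's challenge answers and then the LDAP account password.
     *
     * <p>When the query matches several rows, the key and login of the last row are the
     * ones used for the account lookup. When it matches none the program stops instead of
     * continuing with an empty user key (which previously produced a NumberFormatException
     * inside {@link #getChallengeQuesAns(String)}).
     *
     * @param args unused
     * @throws Exception propagated from the account or process-form lookups
     */
    public static void main(String args[]) throws Exception
    {
        init();
        // The database client only works once the logged-in client handle is registered.
        XLClientSecurityAssociation.setClientHandle(oimClient);
        tcDataProvider dbProvider = new tcDataBaseClient(); // connection to the OIM schema
        tcDataSet dataSet = new tcDataSet(); // holds the rows of the executed query
        // Placeholder literal: replace with the USR_LOGIN of the user to look up.
        String query = "SELECT * FROM USR where USR_LOGIN in UPPER('USR_LOGIN of User to Decrypt password For')";
        dataSet.setQuery(dbProvider, query);
        dataSet.executeQuery();
        int records = dataSet.getTotalRowCount();
        if (records == 0) {
            System.out.println("No USR row matched the query; nothing to do");
            return;
        }
        String usr_key = "";
        String userLogin = null;
        for (int i = 0; i < records; i++) {
            dataSet.goToRow(i);
            usr_key = dataSet.getString("USR_KEY");
            userLogin = dataSet.getString("USR_LOGIN");
            String userStatus = dataSet.getString("USR_STATUS");
            System.out.printf("User Login: %s\nStatus: %s\nKey: %s\n\n", userLogin, userStatus, usr_key);
        }
        Map<String, String> challengeQuestionAnswer = getChallengeQuesAns(usr_key);
        for (Entry<String, String> entry : challengeQuestionAnswer.entrySet()) {
            System.out.println("Question : " + entry.getKey() + " Answer : " + entry.getValue());
        }
        long procInstKey = getProcessInstKeyOfRes("LDAP User", usr_key, new String[] { "Provisioned", "Enabled" }, oimClient, userLogin);
        String passkey = getLDAPPassword(oimClient, procInstKey);
        // The recovered password is written to stdout in clear.
        System.out.println("Entering into password:: " + passkey);
    }

    /**
     * Reads the challenge question/answer pairs stored for a user.
     *
     * @param usr_key USR_KEY of the user, as a decimal string
     * @return question to answer map; empty when the user has no challenge values or when
     *         the lookup fails (failures are printed and otherwise ignored so that
     *         {@link #main(String[])} can still continue with the password lookup)
     */
    private static Map<String, String> getChallengeQuesAns(String usr_key) {
        Map<String, String> challengeQuestionAnswers = new HashMap<String, String>();
        try {
            tcUserOperationsIntf userOperationsIntf = (tcUserOperationsIntf) oimClient
                .getService(tcUserOperationsIntf.class);
            tcResultSet resultSet = userOperationsIntf
                .getChallengeValuesForUser(Long.parseLong(usr_key));
            if (resultSet == null || resultSet.isEmpty()) {
                System.out.println("ResultSet is Empty or null");
                return challengeQuestionAnswers;
            }
            int rowCount = resultSet.getRowCount();
            for (int j = 0; j < rowCount; j++) {
                resultSet.goToRow(j);
                // One question/answer pair per row; the earlier version re-read the same
                // pair once for every column of the row.
                String question = resultSet.getStringValue("Users.Password Challenge Question.Question");
                String answer = resultSet.getStringValue("Users.Password Challenge Question.Answer");
                challengeQuestionAnswers.put(question, answer);
            }
        } catch (Exception e) {
            // Best effort by design: report and return whatever was collected.
            e.printStackTrace();
        }
        return challengeQuestionAnswers;
    }

    /**
     * Finds the process instance key of the user's primary ODSEE account.
     *
     * <p>Matching is by substring: the application instance name must contain
     * {@code "ODSEE"} and the account descriptive field must contain {@code userLogin}.
     * The account must also be of type {@code Primary} and in one of {@code statusArray}.
     * If several accounts match, the last one wins.
     *
     * @param res_Name resource object name; currently unused, the filter is the
     *                 {@code "ODSEE"} substring above
     * @param userkey USR_KEY of the user, as a decimal string
     * @param statusArray account statuses that are acceptable (exact, case-sensitive)
     * @param oimClient logged-in client
     * @param userLogin login the account's descriptive field must contain
     * @return the process instance key, or {@code 0L} when no account matched
     * @throws Exception wrapping any failure of the provisioning lookup (cause preserved)
     */
    public static long getProcessInstKeyOfRes(String res_Name, String userkey, String[] statusArray, OIMClient oimClient, String userLogin)
        throws Exception
    {
        long longProcessInstanceKey = 0L;
        String methodName = "getProcessInstKeyOfRes():::";
        ProvisioningService ps = (ProvisioningService) oimClient.getService(ProvisioningService.class);
        try {
            System.out.println(methodName + "Entering into method:: " + methodName);
            List<Account> userAccount = ps.getAccountsProvisionedToUser(userkey);
            System.out.println(methodName + "size of list--->" + userAccount.size());
            System.out.println(userAccount);
            List<String> acceptedStatuses = Arrays.asList(statusArray);
            for (Account account : userAccount) {
                boolean odseeAccountOfUser = account.getAppInstance().toString().contains("ODSEE")
                    && account.getAccountDescriptiveField().toString().contains(userLogin);
                if (!odseeAccountOfUser) {
                    continue;
                }
                boolean activePrimary = acceptedStatuses.contains(account.getAccountStatus().toString())
                    && account.getAccountType().toString().equalsIgnoreCase("Primary");
                if (activePrimary) {
                    System.out.println(methodName + " >>>>>> account.getAccountType() " + account.getAccountType());
                    System.out.println(methodName + " >>>>>> account.getAccountStatus() " + account.getAccountStatus());
                    System.out.println(methodName + " >>>>>> account.getProcessInstanceKey() " + account.getProcessInstanceKey());
                    longProcessInstanceKey = Long.parseLong(account.getProcessInstanceKey().toString());
                }
            }
            System.out.println(methodName + "longProcessInstanceKey --->" + longProcessInstanceKey);
        } catch (Exception e) {
            System.out.println(methodName + ".START().ERROR()-> " + e.getMessage());
            // Keep the original exception as the cause; the earlier version discarded it.
            throw new Exception("ERROR", e);
        }
        return longProcessInstanceKey;
    }

    /**
     * Reads the {@code UD_LDAP_USR_PASSWORD} field from the process form of an account.
     *
     * <p>If the form has several rows, the value from the last row is returned. The value is
     * whatever {@code getProcessFormData} returns for the field; this code does not decrypt
     * anything itself.
     *
     * @param oimClient logged-in client
     * @param procInstKey process instance key; values of {@code 0} or less are skipped
     * @return the password field value, or {@code null} when the key is not positive or the
     *         form has no rows
     * @throws Exception wrapping any failure of the form lookup (cause preserved)
     */
    public static String getLDAPPassword(OIMClient oimClient, long procInstKey)
        throws Exception
    {
        String ldapPassword = null;
        String methodName = "getLDAPPassword():::";
        String usrID = null;
        try {
            System.out.println(methodName + "Entering into method:: " + methodName);
            if (procInstKey > 0L) {
                tcFormInstanceOperationsIntf formInstanceOperationsIntf =
                    (tcFormInstanceOperationsIntf) oimClient.getService(tcFormInstanceOperationsIntf.class);
                tcResultSet resultSet = formInstanceOperationsIntf.getProcessFormData(procInstKey);
                int rowCount = resultSet.getRowCount();
                System.out.println(methodName + "rowCount = " + rowCount);
                for (int j = 0; j < rowCount; j++) {
                    resultSet.goToRow(j);
                    ldapPassword = resultSet.getStringValue("UD_LDAP_USR_PASSWORD");
                    usrID = resultSet.getStringValue("UD_LDAP_USR_USERID");
                }
            }
            System.out.println(methodName + "usrID = " + usrID);
            System.out.println(methodName + "Exiting method:: " + methodName);
        } catch (Exception e) {
            System.out.println(methodName + ".START().ERROR()-> " + e.getMessage());
            // Keep the original exception as the cause; the earlier version discarded it.
            throw new Exception("ERROR", e);
        }
        return ldapPassword;
    }
}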