Have you ever forgotten your root account password to your Oracle Identity Manager installation? For most corporate environments, this doesn’t happen too often, but it is possible. I mainly forget them in demo Virtual Machines that I build out. Well, have no fear, there’s a way to hack the OIM Admin account (xelsysadm) to get it to whatever you want. You will need commit / write access to the USR table of the OIM repository database.
Please use extreme caution when following these steps. You could permanently disable the xelsysadm account if done incorrectly. Because of this, these steps are to be done only in a last resort, emergency situation. Also, take a full backup of your OIM database before doing this. It is possible to erase all passwords of all user accounts if done improperly!
1. Get the OIM Login ID of a user where you know the password. This can be done a couple ways:
- – Copy the Login ID of an existing user where you know the password
- – Create a new user using another administrator account that has the ability to create users and then after the user is created. If you have an entity adapter in place to set the initial password, make sure to change the new users password after initial create because OIM will set the initial password via the Entity Adapter.
2. Log into the OIM Repository Database with a DBA account and run this query:
SELECT USR_PASSWORD FROM USR WHERE USR_LOGIN=’[Login ID of Account with known password]’;
3. Copy the returned encrypted password hash to a clipboard.
4. Run this SQL statement to update the system administrator account with the new password:
UPDATE USR SET USR_PASSWORD=’[paste password hash]’ WHERE USR_LOGIN=’XELSYSADM’;
(the usr_login value is case sensitive)
5. Go to the Web Admin Console and login as “xelsysadm” with the password of the known or newly created user.
6. After logging in, you will be prompted to change your password.
7. Change your password to something different and click the Save button.
That’s all there is to it, now you have access to your oim admin account again =)