Manage Passwords

You may need to update the various credentials used to run an Oracle Java Cloud Service instance in order to meet Oracle security policies, corporate security policies or government regulations, or in response to a perceived security threat.

The specific tools and procedures you use to modify passwords depends on the type of user and where it is stored in the environment. In addition, there are consequences to changing certain system users because other resources in the environment use these credentials as well.

For general information about users in Oracle Java Cloud Service, see About Users.

Topics

• Cloud User Password
• WebLogic Server Administrator Password
• WebLogic Node Manager Password
• Database Password
• Oracle Traffic Director Password
• Application User Password

Cloud User Password

Learn about updating the password for your Java Administrator and related cloud users.

To update your Oracle Cloud password, see Changing and Managing Your Own Passwords in Getting Started with Oracle Cloud.

If you are an Identity Domain Administrator, you can reset other users’ passwords. See Resetting Another User’s Password in Getting Started with Oracle Cloud.

When you create an Oracle Java Cloud Service instance you provide the location of an object storage container along with credentials to access and update backup files in this storage container. If you change the password for this cloud user, you will also need to update the backup configuration of your service instance. Otherwise, both automated and manual backups will fail. See Configure Scheduled Backups for an Oracle Java Cloud Service Instance.

WebLogic Server Administrator Password

By default your Oracle WebLogic Server domain is configured to use the embedded LDAP security provider as the identity store for users, passwords and groups. This includes the WebLogic Server administrator user whose credentials you initialize when you create the Oracle Java Cloud Service instance.

You can use any available WebLogic Server tools to modify user credentials in the embedded LDAP, including the Administration Console, WLST and REST API. To use the Administration Console, see Modify Users in one of these publications:

• Administration Console Online Help (12.2.1.3)

• Administration Console Online Help (11.1.1.7)

You can optionally create a service instance that uses Oracle Identity Cloud Service for authentication. As a result, you can access the WebLogic Server Administration Console and other WebLogic tools for your service instance as Oracle Cloud users. See Use Oracle Identity Cloud Service with Oracle Java Cloud Service.

Administrative credentials are required in order to boot the servers in your domain. A boot identity file is a text file that contains encrypted user credentials for starting and stopping an instance of WebLogic Server. If you change the password for this user, you must also update any boot identity files that use the same credentials. These files are located on the node’s file system. Replace the current encrypted password with your new password. Otherwise, servers may fail to boot if you attempt to restart them.

See Boot Identity Files in one of these publications:

• Administering Server Startup and Shutdown for Oracle WebLogic Server (12.2.1.3)

• Managing Server Startup and Shutdown for Oracle WebLogic Server (11.1.1.7)

For information on using SSH to access Oracle Java Cloud Service nodes, see Access a Node with a Secure Shell (SSH).

WebLogic Node Manager Password

In WebLogic Server, the Node Manager process is used to remotely start and stop servers. When you create or scale out an Oracle Java Cloud Service instance, all Node Managers are configured with a generated user name and password.

These credentials are used to authenticate connections between a client (for example, the Administration Server or Oracle Java Cloud Service) and the Node Manager.

For Oracle Java Cloud Service instances, you cannot modify the Node Manager password by manually editing the nm_password.properties file on a node. This will cause lifecycle and other administrative operations to fail. Instead, you must use the Oracle Java Cloud Service REST API. See Change the Node Manager Credentials in REST API for Oracle Java Cloud Service.

Database Password

The Oracle WebLogic Server domain in an Oracle Java Cloud Service instance is automatically configured with several JDBC data sources. Each data source connects to a database in Oracle Cloud. You specify the database name and credentials for these data sources when you create the service instance.

The Infrastructure Schema Database in a service instance is provisioned with the required Oracle Fusion Middleware schema. To change the password for this database schema and also update the WebLogic domain configuration, see Change the Database Schema Password for an Oracle Java Cloud Service Instance.

When you create a service instance, you can also associate it with one or more Application Schema Databases. If you change the password for one of these databases, the corresponding data source in the WebLogic domain will fail to connect to the database. Use one of the standard WebLogic administrative interfaces to modify the connection properties of the existing data source. See Configuring JDBC Data Sources in one of the following publications:

• Administering JDBC Data Sources for Oracle WebLogic Server (12.2.1.3)

• Configuring and Managing JDBC Data Sources for Oracle WebLogic Server (10.3.6)

For more information about data sources in Oracle Java Cloud Service, see About Data Sources.

Oracle Traffic Director Password

If you add a user-managed load balancer to your Oracle Java Cloud Service instance when you initially create it, the load balancer is configured with the same credentials as the WebLogic Server administrator.

If you add a user-managed balancer to an existing service instance, you have the option to provide different credentials. In either case you can use the Load Balancer Console to change this user’s password.

• For service instances running Oracle Traffic Director 12c, see Configure WebLogic Server Users in Administering Oracle WebLogic Server with Fusion Middleware Control. Be sure to access the console for the load balancer, and not for the WebLogic Server domain.

• For service instances running Oracle Traffic Director 11g, see Securing Access to the Administration Server in Oracle Traffic Director Administrator’s Guide.

Application User Password

By default your Oracle WebLogic Server domain is configured to use the embedded LDAP security provider as the identity store for users, passwords and groups. This includes any custom application users you’ve defined.

You can use any available WebLogic Server tools to modify user credentials in the embedded LDAP, including the Administration Console, WLST and REST API. To use the Administration Console, see Modify Users in one of these publications:

• Administration Console Online Help (12.2.1.3)

• Administration Console Online Help (11.1.1.7)

Alternatively, you can customize your WebLogic domain to use other security providers for users and passwords, such as a database, an LDAP server, or Oracle Identity Cloud Service. In general, you do not use WebLogic Server to directly modify user credentials in these external identity stores. Instead use the native administrative tools offered by these resources. For more information about security providers, see About Authentication.