Setting Up External Password Storage

Before You Begin

This tutorial walks you through the steps needed to configure external password storage for Oracle Data Integrator (ODI).
This tutorial takes approximately 15 minutes to complete.

Background

By default, Oracle Data Integrator stores all security information in the master repository. This password storage option is called internal password storage.

Oracle Data Integrator can optionally use Oracle Platform Security Services (OPSS) for storing critical security information. When using OPSS with Oracle Data Integrator, the data server passwords and context passwords are stored in the OPSS Credential Store Framework (CSF). This password storage option is called external password storage.

Note: When using external password storage, other security details such as user names, passwords, and privileges remain in the master repository. It is possible to externalize authentication and have users and passwords stored in an identity store by using external authentication. The external password storage option is unrelated to the external authentication feature. For more information about external authentication, see Configuring External Authentication.

What Do You Need?

To use the external password storage option:

  1. You need to install a WebLogic Server instance configured with OPSS.
  2. All Oracle Data Integrator components, including the run-time agent, need to have access to the remote credential store.

See the Configuring Java EE Applications to Use OPSS chapter in Securing Applications with Oracle Platform Security Services for more information.


Setting the Password Storage

There are four ways to set or modify the password storage:

  1. Importing the master repository (see the Importing the Master Repository section in Developing Integration Projects with Oracle Data Integrator) allows you to change the password storage.
  2. Creating the master repository (see Creating the Master Repository) allows you to define the password storage.
  3. Switching the Password Storage modifies the password storage for an existing master repository.
  4. Recovering the Password Storage allows you to recover from a credential store crash.

Switching the Password Storage

Switching the password storage of the Oracle Data Integrator repository changes how data server and context passwords are stored. This operation must be performed by a SUPERVISOR user.

Use the Switch Password Storage wizard to change the password storage options of the data server passwords.

Before launching the Switch Password Storage wizard, perform the following tasks:

  1. Disconnect Oracle Data Integrator Studio from the repository.
  2. Shut down every component using the Oracle Data Integrator repository.

To launch the Switch Password Storage wizard:

  1. From the ODI main menu, select Password Storage > Switch.
  2. Specify the login details of your Oracle Data Integrator master repository as defined when connecting to the master repository (see: Connecting to the Master Repository).
  3. Click Next.
  4. Select the password storage:
     • Select Internal Password Storage if you want to store passwords in the Oracle Data Integrator repository.
     • Select External Password Storage if you want to use the OPSS Credential Store Framework (CSF) to store the data server and context passwords.

     If you select external password storage, you must provide the MBean Server Parameters (listed below) to access the credential store, and then click Test Connection to check the connection to the MBean Server:

     • Server - From the list, select the application server.
     • Host - MBeans server host. For example, machine.example.com
     • JMS Port - MBeans Server Port. For example, 7001
     • User - MBeans Server user name. For example, weblogic
     • Password - MBean server password
  5. Click Finish.

The password storage options have been changed. You can now reconnect to the Oracle Data Integrator repository.
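Because every Oracle Data Integrator component, including the run-time agent, needs access to the remote credential store, the following added example (not part of the original tutorial or of any Oracle tooling) is a small check to run on each component host: it validates the MBean Server host, port and user values and confirms the port is reachable from that host. The class and function names are hypothetical, and the check is a plain TCP connect that does not authenticate.

```python
import socket
from dataclasses import dataclass


@dataclass(frozen=True)
class MBeanServerParams:
    """Host, port and user as entered in the wizard (hypothetical container)."""
    host: str
    port: int
    user: str


def validate(params):
    """Return a list of problems; an empty list means the values are well-formed."""
    problems = []
    if not params.host.strip():
        problems.append("host is empty")
    if not 1 <= params.port <= 65535:
        problems.append(f"port {params.port} is outside 1-65535")
    if not params.user.strip():
        problems.append("user is empty")
    return problems


def check_reachable(params, timeout=3.0):
    """TCP-connect to host:port from this machine; returns (ok, detail).

    This only proves the port is reachable. It does not authenticate, so the
    password is never needed here and should not be passed on a command line.
    """
    problems = validate(params)
    if problems:
        return False, "; ".join(problems)
    try:
        with socket.create_connection((params.host, params.port), timeout=timeout):
            return True, "connected"
    except socket.gaierror as exc:
        return False, f"name resolution failed: {exc}"
    except OSError as exc:  # refused, timed out, unreachable, ...
        return False, f"connect failed: {exc}"


if __name__ == "__main__":
    # Example values taken from the parameter list above.
    ok, detail = check_reachable(MBeanServerParams("machine.example.com", 7001, "weblogic"))
    print("reachable" if ok else "NOT reachable", "-", detail)
```
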


Recovering the Password Storage

Oracle Data Integrator offers a password recovery service that should be used only in case of an external password storage crash. Using this procedure, password storage is forced to internal password storage because external storage is no longer available. This operation should be performed by a supervisor user.

When performing a password storage recovery, the passwords for contexts and data servers, the JDBC password of the work repository, and Enterprise Scheduler related passwords are lost and need to be re-entered manually in Topology Navigator.

Use the Recover Password Storage wizard to start the password recovery.

To launch the Recover Password Storage wizard:

  1. From the ODI main menu, select Password Storage > Recover.
  2. Specify the login details of your Oracle Data Integrator master repository as defined when connecting to the master repository (see: Connecting to the Master Repository).
  3. Click Finish.
  4. Manually re-enter the data server and context passwords. Refer to Setting Up a Topology for more information.

Want to Learn More?