How To Encrypt a Password Using ODI


Every major version of ODI – 12.2, 12.1.3, 12.1.2, 11g, 10g – uses a different algorithm to encrypt passwords, and there is no compatibility whatsoever between the respective algorithms.

Hence passwords must be encoded using the encryption function provided with the version of ODI in which password will be used.

For example:
– Do not use ODI 12.2 encoding for a password which will be used in ODI 12.1.3 (and older).
– Do not use ODI 11g encoding for passwords used in ODI 12c.
– etc

Encrypt the password for ODI 12.2 and 12.1.3

The script for encoding passwords is called encode.cmd (.sh) and is found in the standalone/colocated Agent Domain “bin” folder.

  1. At the command prompt, navigate to your ODI <DOMAIN_HOME>/bin
  2. Set the JAVA_HOME environment variable pointing to your JDK home.
  3. Issue the encode command per below syntax:
    encode.cmd(sh) “-INSTANCE=<instance_name>” <password>

    where “-INSTANCE=<instance_name>” refers to your ODI Agent name (for example, OracleDIAgent1)

    If you have multiple Agent definitions, to get a correct value of -INSTANCE:
    (a). Start ODI Studio. navigate to the Topology, and check the name(s) of Physical Agent(s).
    (b). Under ODI <DOMAIN_HOME>/config/fmwconfig/components/ODI folder, see if a sub-directory with same name exists.
    (c). Then set -INSTANCE to that name.

ODI1213_encode

ODI 12.2 and 12.1.3 encryption requires Master Repository connection to perform encryption.

The encryption can be done in either:

  • ODI Studio directly (ODI Studio has ability to encrypt strings and does so as part of ODI Tools password parameter encryption)… or
  • Using the encode.cmd|sh script available once ODI standalone or colocated Agent is configured and deployed in a Domain. Please consult Note 1984054.1 for details.

    Note the Agent configuration provides the necessary connectivity to ODI Repository for the encode.sh and other tools to use.

There exists encode.sh script in ODI installation under <OH>/odi/agent/internal/bin. Scripts here are not executable directly. They are used in turn by the scripts laid down in a agent Domain. You need to use the scripts created in the ODI standalone/colocated agent bin directory to perform actions that need ODI Repository connectivity.

Encrypt the password for ODI 12.1.2

The script for encoding passwords is called encode.cmd (.sh) and is found in the standalone Agent “odi/agent/bin” folder.

  1. At the command prompt, navigate to your ODI <ORACLE_HOME>/odi/agent/bin
  2. Set the JAVA_HOME environment variable pointing to your JDK home.
  3. Set a variable ODI_HOME to your ODI <ORACLE_HOME>\odi\agent.
    The following error will be raised if ODI_HOME is not set:

    The system cannot find the path specified.
    Exception in thread “main” java.lang.NoClassDefFoundError: oracle/odi/Encode
    Caused by: java.lang.ClassNotFoundException: oracle.odi.Encode
    at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
    Could not find the main class: oracle.odi.Encode.  Program will exit.
  4. Issue the encode command per below syntax:
    encode.cmd(sh) <password>

ODI1212_encode

Encrypt the password for ODI 11g

The script for encoding passwords is called encode.bat(cmd|sh) and is found in the standalone Agent “oracledi/agent/bin” folder.

  1. At the command prompt, navigate to your ODI <ORACLE_HOME>/oracledi/agent/bin
  2. Set the JAVA_HOME environment variable pointing to your JDK home.
  3. Set a variable ODI_HOME to your ODI Agent home folder.

    For example (on Windows):

    set ODI_HOME=C:\Oracle\ODI12C\odi\agent
  4. Issue the encode command per below syntax:
    encode.bat(cmd|sh) <password>

    For example on Windows:

    encode myString

    For example on Unix:

    ./encode.sh myString

    where myString is the string used for the password to be encrypted.

    The result of this operation is the encrypted string.

    For information, the “encode.cmd(.bat)(.sh)” command script refers to to the “oracle.odi.Encode” method, and requires the following Java libraries from the Agent “lib” directory:

    • commons-lang-2.2.jar
    • odi-core.jar
    • odi-standalone-agent.jar
    • spring-core.jar
ODI 11g has new mechanism and script to encode the passwords, the old values encoded using the agent encode script in ODI 10g will not work with ODI 11g and onwards.

Therefore, ODI 10g users, even if the passwords have not changed, make sure to re-encode the passwords using the encode script and enter the new value in the Agent’s odiparams file.

Otherwise, you may run into error messages described in Note 563284.1 “Execution Of ODI Scenario With “startscen” Command Does Not Start Due To IndexOutOfBoundsException Or NullPointerException Or NoClassDefFoundError Or ODI-1218 Or ODI-1414 Or ODI-1418 Messages”.

Encrypt the password for ODI 10g and legacy Sunopsis

Launch the Oracle Data Integrator (ODI) Agent with the encode parameter.

For example, open a command window, set your cursor to the ‘/oracledi/bin’ (‘/sunopsis/bin’) folder and run the following command:

  • On Microsoft Windows operating systems

    agent.bat encode myString
  • On Unix-like operating systems

    ./agent.sh encode myString

where myString is the password to be encrypted.

The result of this operation is the encrypted string.

In all versions of ODI, even if the target password is null (an empty string), you are obliged to encrypt it, by using the appropriate command and an empty (blank) myString value.

Thanks,

~KKT~

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s