Here is how you can you or administrators can get away from providing user name and password or even server url in plain text when using WLST to modify the OIM metadata:
Step1: Connect to Admin Server using wlst.sh using the user using which you run the wlst.sh command. For example, in my case, I have created a user deployer with administrator and oimuser roles in the weblogic security realm to deploy the OIM metadata.
Step2: Run the below command:
storeUserConfig('configfile.secure','keyfile.secure')
Creating the key file can reduce the security of your system if it is not kept in a secured location after it is created. Do you want to cre
ate the key file? y or n y
The username and password that were used for this WebLogic Server connection are stored in configfile.secure and keyfile.secure.
Note: if you choose to create them in different directory, then prefix the directory path with the file name. For example, storeUserConfig('C:\configfile.secure','C:\keyfile.secure'). You can also choose a different name for the files.
This will create a user configuration file that contains your credentials in an encrypted form and a key file that WebLogic Server uses to unencrypt the credentials.
Step3: wls:/OIMDomain/serverConfig> exit()
Step4: Take the backup of weblogicExportMetadata.py.
Step5: Modify the weblogicExportMetadata.py as below:
Replace: connect() with
connect(userConfigFile='configfile.secure',userKeyFile='keyfile.secure',url='t3://host:14000')
Note: Please provide the absolute path if the configuration files are not in ORACLE_HOME/server/bin directory.
Step6: Save the python script.
Step7: Now, you can run the weblogicExportMetadata.bat and you will see that it won't prompt you to enter the username & password. See below:
Initializing WebLogic Scripting Tool (WLST) ...
Welcome to WebLogic Server Administration Scripting Shell
Type help() for help on available commands
Starting export metadata script ....
Connecting to t3://host:14000 with userid deployer ...
Successfully connected to managed Server 'oim_server1' that belongs to domain 'OIMDomain'.
Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.
Location changed to custom tree. This is a writable tree with No root.
For more help, use help(custom)
Disconnected from weblogic server: oim_server1
End of export metadata script ...
Note: In case of unix, follow step 1 -4 on .sh files. You can repeat the same steps for weblogicImportMetadata.sh & weblogicDeleteMetadata.sh.
Addendum:
In your weblogicExportMetadata.py script, if you want Server URL, path of the above files to be dynamic, here is what you need to do:
Step1: Create a properties file i.e., creds.properties as below:
[Properties File for Deployment]
url: t3://host:14000
userConfigFile: C:\configfile.secure
userKeyFile: C:\keyfile.secure
Step2: Updated your weblogicExportMetadata.py script as below:
"""
Custom OIM metadata Script for Deployment
"""
print 'Starting export metadata script .... '
import ConfigParser
import string
config = ConfigParser.ConfigParser()
config.read("C:\creds.properties")
for section in config.sections():
serverurl = config.get(section,'url')
userFile = config.get(section,'userConfigFile')
keyFile = config.get(section,'userKeyFile')
connect(userConfigFile=userFile,userKeyFile=keyFile,url=serverurl)
exportMetadata(application=application_name,
server=wls_servername,
toLocation=metadata_to_loc,
docs=metadata_files,
applicationVersion='*')
disconnect ()
print 'End of export metadata script ...'
exit()
References:
