Hello, do you know if there is any way to decrypt a passwords of users in fileRegistry.xml. I have this system, where I did the export using BPMConfig command and I need to find out the password of a user, that no one seems to know.



------------------------------
JOAO PEDRO ALEXANDRE
------------------------------

If nobody knows the password you can reset it to a known value.  Either via the console (Users & Groups > Manage Users) or via the command line:
https://www.ibm.com/docs/en/was/8.5.5?topic=commands-updateuser-command

If you need to update the WebSphere Cell admin or Deployment Environment admin then follow these instructions:
https://www.ibm.com/docs/en/baw/20.x?topic=passwords-changing-business-automation-workflow-after-installation

------------------------------
Paul Band
------------------------------

Original Message:
Sent: Mon January 24, 2022 08:04 AM
From: JOAO PEDRO ALEXANDRE
Subject: BPMConfig export fileRegistry.xml

Hello, do you know if there is any way to decrypt a passwords of users in fileRegistry.xml. I have this system, where I did the export using BPMConfig command and I need to find out the password of a user, that no one seems to know.



------------------------------
JOAO PEDRO ALEXANDRE
------------------------------

Hi Paul,
yes, it is the cell admin password, they gave me the bpmadmin one, but not the celladmin. 
I will read the instructions in the link you posted.

Thanks very much.

------------------------------
JOAO PEDRO ALEXANDRE
------------------------------

Original Message:
Sent: Tue January 25, 2022 04:43 AM
From: Paul Band
Subject: BPMConfig export fileRegistry.xml

If nobody knows the password you can reset it to a known value.  Either via the console (Users & Groups > Manage Users) or via the command line:
https://www.ibm.com/docs/en/was/8.5.5?topic=commands-updateuser-command

If you need to update the WebSphere Cell admin or Deployment Environment admin then follow these instructions:
https://www.ibm.com/docs/en/baw/20.x?topic=passwords-changing-business-automation-workflow-after-installation

------------------------------
Paul Band

Original Message:
Sent: Mon January 24, 2022 08:04 AM
From: JOAO PEDRO ALEXANDRE
Subject: BPMConfig export fileRegistry.xml

Hello, do you know if there is any way to decrypt a passwords of users in fileRegistry.xml. I have this system, where I did the export using BPMConfig command and I need to find out the password of a user, that no one seems to know.



------------------------------
JOAO PEDRO ALEXANDRE
------------------------------

Data in fileRegistry.xml should be not reversible – and you can not decrypt passwords from there.
However BAW stores Cell Admin and DE Admin credentials in J2C aliases (CellAdminAlias, DeAdminAlias) – and password from there are easily decryptable.
If you have access to file system just check <profile>/config/cells/<cellName>/security.xml file.
Where you can find entries like: alias="CellAdminAlias" userId="yourAdminName" password="{xor}SomeXoredDataHere"
Then you can de-XOR it using different ways e.g. using built-in IBM class.

Example:
wsadmin.sh -lang jython -conntype none -c "import com.ibm.ws.security.util.PasswordDecoder as pd; pd.main(['{xor}SomeXoredDataHere']);"

Response will be:
decoded password == "YourPlainTextPassword"

If you know password for Cell Admin you can change password of any (file based) user from WAS console.

--
Sebastian Tylko

------------------------------
Sebastian Tylko
------------------------------

Original Message:
Sent: Mon January 24, 2022 08:04 AM
From: JOAO PEDRO ALEXANDRE
Subject: BPMConfig export fileRegistry.xml

Hello, do you know if there is any way to decrypt a passwords of users in fileRegistry.xml. I have this system, where I did the export using BPMConfig command and I need to find out the password of a user, that no one seems to know.



------------------------------
JOAO PEDRO ALEXANDRE
------------------------------

Hi Sebastian,
thanks for your tip, I found the celladmin password in the file you mentioned and decoded it.

------------------------------
JOAO PEDRO ALEXANDRE
------------------------------

Original Message:
Sent: Tue January 25, 2022 06:05 AM
From: Sebastian Tylko
Subject: BPMConfig export fileRegistry.xml

Data in fileRegistry.xml should be not reversible – and you can not decrypt passwords from there.
However BAW stores Cell Admin and DE Admin credentials in J2C aliases (CellAdminAlias, DeAdminAlias) – and password from there are easily decryptable.
If you have access to file system just check <profile>/config/cells/<cellName>/security.xml file.
Where you can find entries like: alias="CellAdminAlias" userId="yourAdminName" password="{xor}SomeXoredDataHere"
Then you can de-XOR it using different ways e.g. using built-in IBM class.

Example:
wsadmin.sh -lang jython -conntype none -c "import com.ibm.ws.security.util.PasswordDecoder as pd; pd.main(['{xor}SomeXoredDataHere']);"

Response will be:
decoded password == "YourPlainTextPassword"

If you know password for Cell Admin you can change password of any (file based) user from WAS console.

--
Sebastian Tylko

------------------------------
Sebastian Tylko

Original Message:
Sent: Mon January 24, 2022 08:04 AM
From: JOAO PEDRO ALEXANDRE
Subject: BPMConfig export fileRegistry.xml

Hello, do you know if there is any way to decrypt a passwords of users in fileRegistry.xml. I have this system, where I did the export using BPMConfig command and I need to find out the password of a user, that no one seems to know.



------------------------------
JOAO PEDRO ALEXANDRE
------------------------------

There is no way to decrypt the password of users in fileRegistry.xml. You can only reset a user's password in WebSphere when it is configured with a Federated Repository, typically, if user accounts reside in the fileRegistry.xml file on the WAS.

In the WebSphere admin console, expand Users and Groups and select Manage Users. When users are displayed, check the Unique Name column to determine if the user account resides on a file on the WebSphere server (defaultWIMFileBasedRealm). You would only reset the password if the user account resides in fileRegistry.xml on the WAS.

And another way to use wsadmin command to reset the user password (https://www.ibm.com/docs/en/was/8.5.5?topic=commands-changefileregistryaccountpassword-command)

For example:

$AdminTask changeFileRegistryAccountPassword {-userId Admin1 -password ab12c34de}

$AdminConfig save

------------------------------
Shi Su
------------------------------

Original Message:
Sent: Mon January 24, 2022 08:04 AM
From: JOAO PEDRO ALEXANDRE
Subject: BPMConfig export fileRegistry.xml

Hello, do you know if there is any way to decrypt a passwords of users in fileRegistry.xml. I have this system, where I did the export using BPMConfig command and I need to find out the password of a user, that no one seems to know.



------------------------------
JOAO PEDRO ALEXANDRE
------------------------------

Thanks for your answer. Yes, the user is in fileRegistry.xml. I needed the password of celladmin user, Sebastiant Tylko post above helpd me.

------------------------------
JOAO PEDRO ALEXANDRE
------------------------------

Original Message:
Sent: Tue January 25, 2022 05:14 AM
From: Shi Su
Subject: BPMConfig export fileRegistry.xml

There is no way to decrypt the password of users in fileRegistry.xml. You can only reset a user's password in WebSphere when it is configured with a Federated Repository, typically, if user accounts reside in the fileRegistry.xml file on the WAS.

In the WebSphere admin console, expand Users and Groups and select Manage Users. When users are displayed, check the Unique Name column to determine if the user account resides on a file on the WebSphere server (defaultWIMFileBasedRealm). You would only reset the password if the user account resides in fileRegistry.xml on the WAS.

And another way to use wsadmin command to reset the user password (https://www.ibm.com/docs/en/was/8.5.5?topic=commands-changefileregistryaccountpassword-command)

For example:

$AdminTask changeFileRegistryAccountPassword {-userId Admin1 -password ab12c34de}

$AdminConfig save

------------------------------
Shi Su

Original Message:
Sent: Mon January 24, 2022 08:04 AM
From: JOAO PEDRO ALEXANDRE
Subject: BPMConfig export fileRegistry.xml

Hello, do you know if there is any way to decrypt a passwords of users in fileRegistry.xml. I have this system, where I did the export using BPMConfig command and I need to find out the password of a user, that no one seems to know.



------------------------------
JOAO PEDRO ALEXANDRE
------------------------------