Basic OBIEE Enumeration Checklist
Several clients and partners have asked for this checklist lately. Posting it for those who may find it useful:
- If possible, ask for the following:
  - System diagram
  - All URLs: WebLogic, Enterprise Manager and OBIEE
  - Ask about load balancers and reverse proxies
  - WebLogic accounts and passwords for both /EM and /Console
  - TNSNAMES info and DB accounts and passwords for the WebLogic repository database
  - Ideally, O/S accounts and passwords for the server supporting WebLogic; these will be needed for WLST scripts
  - Request a copy of the config.xml file for each environment. If O/S accounts are surrendered, these can be easily obtained.
- Network probe
  - NMAP scan for WebLogic and OBIEE ports 7001, 9701 and 9703. Suggest scanning 9700-9710. Also NMAP scan for Oracle networking on 1521 (default). Suggest scanning 1520-1530.
  - Check WebLogic and OBIEE specific URLs. For public-facing systems, use Google. For internal systems, construct URLs using the information gathered from NMAP:

| Tool | URL |
|---|---|
| Administration Server Console | http://host:port/console |
| Enterprise Manager Console | http://host:port/em |
| Enterprise Manager Agent | http://host:port/emd/main |
| Oracle Portal | http://host:port/portal/pls/portal |
| Oracle Forms | http://host:port/forms/frmservlet |
| Oracle Reports | http://host:port/reports/rwservlet |
| Oracle Discoverer Viewer | http://host:port/discoverer/viewer |
| WebLogic | If external, Google: intitle:"WebLogic Server" intitle:"Console Login" inurl:console -site:targetdomain.com |
| OBIEE | Look for analytics/saw.dll, e.g. if external, Google: inurl:analytics/saw.dll -site:targetdomain.com |

- Inventory the databases associated with WebLogic. Issue the following from the repository databases:
  - SELECT * FROM SYSTEM.SCHEMA_VERSION_REGISTRY$;
  - SELECT * FROM PRODUCT_COMPONENT_VERSION;
- Read and analyze the primary WebLogic configurations. The primary config file is /domains/DOMAIN_NAME/config/config.xml
- Get server information. Suggest running WLST scripts for this; a Google search for 'wlst script list servers and information' returns several good examples.
- Get WebLogic user information. Suggest running WLST scripts for this; a Google search for 'wlst script list users' returns several good examples.
- For OBIEE, authentication will first be done by WebLogic. WebLogic will determine who can access OBIEE. WebLogic groups may or may not then drive authorization. Older OBIEE solutions also might internally authenticate within the repository (RPD). Overall, security authorization within OBIEE can be controlled at various levels: Catalog/Presentation, RPD and within the data sources, or a combination of everything. There can also be no security/authorization, e.g. authentication by WebLogic to use OBIEE and then a handoff to a PUBLIC / generic OBIEE report.
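
For the config.xml review step above, the following is an added example (not part of the original checklist) that inventories servers and listeners from a copy of the file and flags settings to raise in the review. The sample XML, host names and function names are constructed for illustration; the element names and defaults assume the standard WebLogic domain schema.

```python
import xml.etree.ElementTree as ET
NS = {"d": "http://xmlns.oracle.com/weblogic/domain"}

# Constructed sample config.xml (hypothetical domain and host names).
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>example_domain</name>
  <server><name>AdminServer</name></server>
  <server>
    <name>bi_server1</name>
    <ssl><enabled>true</enabled><listen-port>9803</listen-port></ssl>
    <listen-port>9703</listen-port>
    <listen-address>bi01.example.internal</listen-address>
  </server>
  <production-mode-enabled>false</production-mode-enabled>
  <admin-server-name>AdminServer</admin-server-name>
</domain>"""

def _text(node, path, default=None):
    found = node.find(path, NS)
    return found.text.strip() if found is not None and found.text else default

def inventory(xml_text):
    """Return domain name, mode and per-server listeners from config.xml."""
    root = ET.fromstring(xml_text)
    admin = _text(root, "d:admin-server-name")
    servers = []
    for srv in root.findall("d:server", NS):
        ssl_on = _text(srv, "d:ssl/d:enabled", "false") == "true"
        servers.append({
            "name": _text(srv, "d:name"),
            "is_admin": _text(srv, "d:name") == admin,
            # Assumed defaults when omitted: 7001 plain, 7002 SSL, all interfaces.
            "address": _text(srv, "d:listen-address", "*"),
            "port": int(_text(srv, "d:listen-port", "7001")),
            "ssl_port": int(_text(srv, "d:ssl/d:listen-port", "7002")) if ssl_on else None,
        })
    prod = _text(root, "d:production-mode-enabled", "false") == "true"
    return {"domain": _text(root, "d:name"), "production_mode": prod, "servers": servers}

def findings(inv):
    out = [] if inv["production_mode"] else ["domain is in development mode"]
    for s in inv["servers"]:
        if s["ssl_port"] is None:
            out.append(f"{s['name']}: no SSL listener, port {s['port']} is plaintext only")
        if s["address"] == "*":
            out.append(f"{s['name']}: listens on all interfaces")
    return out

if __name__ == "__main__":
    print("\n".join(findings(inventory(SAMPLE_CONFIG))))
```

The listener inventory it produces can be compared against the NMAP results from the network probe step to spot ports that are open but not accounted for in the domain configuration.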