Basic OBIEE Enumeration Checklist

Several clients and partners have asked for this checklist lately. Posting it for those who may find it useful:

  1. If possible, ask for the following:
    1. System diagram
    2. All URLs – WebLogic, Enterprise Manager and OBIEE
    3. Ask about load balancer and reverse proxy
    4. WebLogic accounts and passwords for both /EM and /Console
    5. TNSNAMES info and DB accounts and passwords for WebLogic repository database
    6. Ideally, O/S accounts and passwords for the server supporting WebLogic; these will be needed for WLST scripts
    7. Request a copy of the config.xml file for each environment. If O/S accounts are surrendered, these can be easily obtained.
  2. Network probe
    1. NMAP scan for WebLogic and OBIEE ports 7001, 9701 and 9703; suggest scanning 9700-9710. Also NMAP scan for Oracle networking on 1521 (default); suggest scanning 1520-1530.
    2. Check WebLogic- and OBIEE-specific URLs. For public-facing systems, use Google. For internal systems, construct URLs using the information gathered from NMAP:

| Tool | URL |
| --- | --- |
| Administration Server Console | http://host:port/console |
| Enterprise Manager Console | http://host:port/em |
| Enterprise Manager Agent | http://host:port/emd/main |
| Oracle Portal | http://host:port/portal/pls/portal |
| Oracle Forms | http://host:port/forms/frmservlet |
| Oracle Reports | http://host:port/reports/rwservlet |
| Oracle Discoverer Viewer | http://host:port/discoverer/viewer |
| WebLogic | If external, Google: intitle:"WebLogic Server" intitle:"Console Login" inurl:console -site:targetdomain.com |
| OBIEE | Look for: analytics/saw.dll, e.g. if external, Google: inurl:analytics/saw.dll -site:targetdomain.com |

  3. Inventory the databases associated with WebLogic. Issue the following from the repository databases:
    1. SELECT * FROM SYSTEM.SCHEMA_VERSION_REGISTRY$;
    2. SELECT * FROM PRODUCT_COMPONENT_VERSION;
  4. Read and analyze the primary WebLogic configurations. The primary config file is /domains/DOMAIN_NAME/config/config.xml
  5. Get server information. Suggest running WLST scripts for this; Google returns several good examples: ‘wlst script list servers and information’
  6. Get WebLogic user information. Suggest running WLST scripts for this; Google returns several good examples: ‘wlst script list users’
  7. For OBIEE, authentication is first done by WebLogic, which determines who can access OBIEE. WebLogic groups may or may not then drive authorization. Older OBIEE solutions might also authenticate internally within the repository (RPD). Overall, security authorization within OBIEE can be controlled at various levels: Catalog/Presentation, RPD, within the data sources, or a combination of all of these. There can also be no security/authorization at all, e.g. authentication by WebLogic to use OBIEE and then a handoff to a PUBLIC / generic OBIEE report.
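
For the config.xml review step in the checklist above, an added example (not from the original post) that inventories each server's listen address and ports from a domain's config.xml and turns them into review notes. The sample XML is constructed, and treating absent elements as defaults (port 7001, SSL port 7002, development mode, all addresses) is an assumption of this example.

```python
import xml.etree.ElementTree as ET

NS = {"wl": "http://xmlns.oracle.com/weblogic/domain"}
# Constructed sample config.xml; names, hosts and ports are illustrative only.
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>example_domain</name>
  <production-mode-enabled>true</production-mode-enabled>
  <server>
    <name>AdminServer</name>
  </server>
  <server>
    <name>bi_server1</name>
    <ssl><enabled>true</enabled><listen-port>9803</listen-port></ssl>
    <listen-port>9703</listen-port>
    <listen-address>obiee01.example.internal</listen-address>
  </server>
</domain>"""

def _text(node, path, default=""):
    """Stripped text of a child element, or default when absent or empty."""
    found = node.find(path, NS)
    return ((found.text or "").strip() if found is not None else "") or default

def inventory(config_xml):
    """Summarise domain mode and server listeners; assumes defaults are omitted from the file."""
    root, servers = ET.fromstring(config_xml), []
    for srv in root.findall("wl:server", NS):
        ssl_on = _text(srv, "wl:ssl/wl:enabled", "false") == "true"
        servers.append({
            "name": _text(srv, "wl:name"),
            "address": _text(srv, "wl:listen-address", "(all addresses)"),
            "port": int(_text(srv, "wl:listen-port", "7001")),
            "ssl_port": int(_text(srv, "wl:ssl/wl:listen-port", "7002")) if ssl_on else None,
        })
    return {"domain": _text(root, "wl:name"), "servers": servers,
            "production_mode": _text(root, "wl:production-mode-enabled", "false") == "true"}

def findings(inv):
    """Turn the inventory into review notes for the assessment report."""
    notes = [] if inv["production_mode"] else ["domain runs in development mode"]
    for s in inv["servers"]:
        if s["ssl_port"] is None:
            notes.append(f"{s['name']}: SSL port not enabled, only plain port {s['port']}")
        if s["address"] == "(all addresses)":
            notes.append(f"{s['name']}: listens on all addresses")
    return notes

if __name__ == "__main__":
    print(inventory(SAMPLE_CONFIG), *findings(inventory(SAMPLE_CONFIG)), sep="\n")
```

The resulting address and port list can be compared against the NMAP results from the network probe step to spot listeners that are configured but were not reported by the client.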
