Highlighted

Reenable Anonymous User While Offline

Avatar

Avatar

kramer2718

Avatar

kramer2718

kramer2718

06-02-2019

My colleague disabled the user "anonymous" and now the application is unusable. It appears that some services are running, but anytime you attempt to access any UI, it simply displays a Stackoverflow error. Obviously, we'd like to reenable that user but the useradmin UI doesn't work.

I believe if he had deleted the user it would have automatically been recreated, but he disabled it.

We've tried some different curl commands to delete or reenable the user but are getting 500 response on everything we've tried.

Help, please!

Replies

Highlighted

Avatar

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Answer

2.3K

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Answer

2.3K
smacdonald2008

06-02-2019

CHecking interanlly to see if we have a SUPPORT KB to address this situation.

Are you able to see UI when you log in as an admin?

Highlighted

Avatar

Avatar

kunwars30959694

Avatar

kunwars30959694

kunwars30959694

06-02-2019

I think this can be recovered easily if we can identify the anonymous user location under /home/users using logs or somwhere in felix console(i think we could but would have check again) and write a groovy script to switch the flag to enable this anonymous user and make system usable again.

There is a not in our official docs that we should not delete/disable the anonymous user so educate the users to avoid changing it’s properties.

Highlighted

Avatar

Avatar

Gaurav-Behl

MVP

Total Posts

1.1K

Likes

226

Correct Answer

281

Avatar

Gaurav-Behl

MVP

Total Posts

1.1K

Likes

226

Correct Answer

281
Gaurav-Behl
MVP

06-02-2019

That's a nice trick!

Below are two groovy scripts which would've to modified accordingly--

oak-run Groovy script to reset the Adobe AEM "admin" user password · GitHub

Migrating AEM Users, Groups and ACLs between instances · GitHub

I'm not sure if OOB, 'anonymous' user would always have the same hash and under same path? It would make lives much more easy... We can test it with a couple of fresh installations to find a pattern and go ahead with that.

Avatar

Avatar

aemmarc

Employee

Avatar

aemmarc

Employee

aemmarc
Employee

06-02-2019

The anonymous user can be re-enabled programatically using CURL

Step 1)

Determine the path to the anonymous user.  eg:  grep the error.log for "POST /home/user " and try and determine the path to that user.

For example say it is : /home/users/-/-W27FKy-6dKSFr2v6Aue

Step2)

Once you have the path, you can reenable the anonymous user by performing the following CURL command

curl -u admin:admin -F "disableUser=" http://localhost:6330/home/users/-/-W27FKy-6dKSFr2v6Aue

Highlighted

Avatar

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Answer

2.3K

Avatar

smacdonald2008

Total Posts

12.7K

Likes

1.4K

Correct Answer

2.3K
smacdonald2008

06-02-2019

Excellent COmmunity responses everyone!!!

Highlighted

Avatar

Avatar

kunwars30959694

Avatar

kunwars30959694

kunwars30959694

06-02-2019

If you are on later aem versions, user paths are randomized. In this case, we won’t need the has as we are changing any password or decrypting stuff. Although we just need to find the anonymous user using the first admin script you mentioned. Once you identify this path, we can switch its properties to renable the user using nodeBuilder or similar api

If you can’t get a script running, let me know maybe I can provide one later this week.

Highlighted

Avatar

Avatar

aemmarc

Employee

Avatar

aemmarc

Employee

aemmarc
Employee

06-02-2019

Tested and verified that the CURL command works on AEM 6.3, 6.4, 6.5

1) find the logging statement that includes the POST that disabled the user. It will look like the following :

06.02.2019 14:06:07.938 *INFO* [0:0:0:0:0:0:0:1 [1549479967933] POST /home/users/L/LKiH_WI-Bp_PmPHPbVLC.rw.userprops.html HTTP/1.1] com.adobe.granite.security.user.internal.servlets.AuthorizableServlet Edit User 'anonymous' operation initiated by User 'admin' (administrator)

2)

curl -u admin:admin -F "disableUser=" http://localhost:6501/home/users/L/LKiH_WI-Bp_PmPHPbVLC

3) Voila!

Highlighted

Avatar

Avatar

kramer2718

Avatar

kramer2718

kramer2718

06-02-2019

Hi guys. It looks to me that several of these answers are likely correct, but we found a slightly different approach

curl -u admin:admin 'http://localhost:4502/home/users/O/OPYCNCDeCOsijvtpS0J5.rw.userprops.html' --data '.&disableUser=&_charset_=utf-8' --compressed