Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Reenable Anonymous User While Offline

kramer2718
Level 2
Level 2

My colleague disabled the user "anonymous" and now the application is unusable. It appears that some services are running, but anytime you attempt to access any UI, it simply displays a Stackoverflow error. Obviously, we'd like to reenable that user but the useradmin UI doesn't work.

I believe if he had deleted the user it would have automatically been recreated, but he disabled it.

We've tried some different curl commands to delete or reenable the user but are getting 500 response on everything we've tried.

Help, please!

8 Replies
smacdonald2008
Level 10
Level 10

CHecking interanlly to see if we have a SUPPORT KB to address this situation.

Are you able to see UI when you log in as an admin?

kunwars30959694
Level 1
Level 1

I think this can be recovered easily if we can identify the anonymous user location under /home/users using logs or somwhere in felix console(i think we could but would have check again) and write a groovy script to switch the flag to enable this anonymous user and make system usable again.

There is a not in our official docs that we should not delete/disable the anonymous user so educate the users to avoid changing it’s properties.

Gaurav-Behl
Community Advisor
Community Advisor

That's a nice trick!

Below are two groovy scripts which would've to modified accordingly--

oak-run Groovy script to reset the Adobe AEM "admin" user password · GitHub

Migrating AEM Users, Groups and ACLs between instances · GitHub

I'm not sure if OOB, 'anonymous' user would always have the same hash and under same path? It would make lives much more easy... We can test it with a couple of fresh installations to find a pattern and go ahead with that.

kunwars30959694
Level 1
Level 1

If you are on later aem versions, user paths are randomized. In this case, we won’t need the has as we are changing any password or decrypting stuff. Although we just need to find the anonymous user using the first admin script you mentioned. Once you identify this path, we can switch its properties to renable the user using nodeBuilder or similar api

If you can’t get a script running, let me know maybe I can provide one later this week.

aemmarc
Employee
Employee

The anonymous user can be re-enabled programatically using CURL

Step 1)

Determine the path to the anonymous user.  eg:  grep the error.log for "POST /home/user " and try and determine the path to that user.

For example say it is : /home/users/-/-W27FKy-6dKSFr2v6Aue

Step2)

Once you have the path, you can reenable the anonymous user by performing the following CURL command

curl -u admin:admin -F "disableUser=" http://localhost:6330/home/users/-/-W27FKy-6dKSFr2v6Aue

aemmarc
Employee
Employee

Tested and verified that the CURL command works on AEM 6.3, 6.4, 6.5

1) find the logging statement that includes the POST that disabled the user. It will look like the following :

06.02.2019 14:06:07.938 *INFO* [0:0:0:0:0:0:0:1 [1549479967933] POST /home/users/L/LKiH_WI-Bp_PmPHPbVLC.rw.userprops.html HTTP/1.1] com.adobe.granite.security.user.internal.servlets.AuthorizableServlet Edit User 'anonymous' operation initiated by User 'admin' (administrator)

2)

curl -u admin:admin -F "disableUser=" http://localhost:6501/home/users/L/LKiH_WI-Bp_PmPHPbVLC

3) Voila!

kramer2718
Level 2
Level 2

Hi guys. It looks to me that several of these answers are likely correct, but we found a slightly different approach

curl -u admin:admin 'http://localhost:4502/home/users/O/OPYCNCDeCOsijvtpS0J5.rw.userprops.html' --data '.&disableUser=&_charset_=utf-8' --compressed