Adobe Experience Manager Sites & More

kramer2718 · ‎06-02-2019

My colleague disabled the user "anonymous" and now the application is unusable. It appears that some services are running, but anytime you attempt to access any UI, it simply displays a Stackoverflow error. Obviously, we'd like to reenable that user but the useradmin UI doesn't work.

I believe if he had deleted the user it would have automatically been recreated, but he disabled it.

We've tried some different curl commands to delete or reenable the user but are getting 500 response on everything we've tried.

Help, please!

smacdonald2008 · ‎06-02-2019

CHecking interanlly to see if we have a SUPPORT KB to address this situation.

Are you able to see UI when you log in as an admin?

kunwars30959694 · ‎06-02-2019

I think this can be recovered easily if we can identify the anonymous user location under /home/users using logs or somwhere in felix console(i think we could but would have check again) and write a groovy script to switch the flag to enable this anonymous user and make system usable again.

There is a not in our official docs that we should not delete/disable the anonymous user so educate the users to avoid changing it’s properties.

Gaurav-Behl · ‎06-02-2019

That's a nice trick!

Below are two groovy scripts which would've to modified accordingly--

oak-run Groovy script to reset the Adobe AEM "admin" user password · GitHub

Migrating AEM Users, Groups and ACLs between instances · GitHub

I'm not sure if OOB, 'anonymous' user would always have the same hash and under same path? It would make lives much more easy... We can test it with a couple of fresh installations to find a pattern and go ahead with that.

kunwars30959694 · ‎06-02-2019

If you are on later aem versions, user paths are randomized. In this case, we won’t need the has as we are changing any password or decrypting stuff. Although we just need to find the anonymous user using the first admin script you mentioned. Once you identify this path, we can switch its properties to renable the user using nodeBuilder or similar api

If you can’t get a script running, let me know maybe I can provide one later this week.

aemmarc · ‎06-02-2019

The anonymous user can be re-enabled programatically using CURL

Step 1)

Determine the path to the anonymous user. eg: grep the error.log for "POST /home/user " and try and determine the path to that user.

For example say it is : /home/users/-/-W27FKy-6dKSFr2v6Aue

Step2)

Once you have the path, you can reenable the anonymous user by performing the following CURL command

curl -u admin:admin -F "disableUser=" http://localhost:6330/home/users/-/-W27FKy-6dKSFr2v6Aue

smacdonald2008 · ‎06-02-2019

Excellent COmmunity responses everyone!!!

aemmarc · ‎06-02-2019

Tested and verified that the CURL command works on AEM 6.3, 6.4, 6.5

1) find the logging statement that includes the POST that disabled the user. It will look like the following :

06.02.2019 14:06:07.938 *INFO* [0:0:0:0:0:0:0:1 [1549479967933] POST /home/users/L/LKiH_WI-Bp_PmPHPbVLC.rw.userprops.html HTTP/1.1] com.adobe.granite.security.user.internal.servlets.AuthorizableServlet Edit User 'anonymous' operation initiated by User 'admin' (administrator)

2)

curl -u admin:admin -F "disableUser=" http://localhost:6501/home/users/L/LKiH_WI-Bp_PmPHPbVLC

3) Voila!