Reenable Anonymous User While Offline

Avatar

Avatar
Validate 1
Level 2
kramer2718
Level 2

Likes

3 likes

Total Posts

11 posts

Correct reply

0 solutions
Top badges earned
Validate 1
Boost 3
Boost 1
View profile

Avatar
Validate 1
Level 2
kramer2718
Level 2

Likes

3 likes

Total Posts

11 posts

Correct reply

0 solutions
Top badges earned
Validate 1
Boost 3
Boost 1
View profile
kramer2718
Level 2

06-02-2019

My colleague disabled the user "anonymous" and now the application is unusable. It appears that some services are running, but anytime you attempt to access any UI, it simply displays a Stackoverflow error. Obviously, we'd like to reenable that user but the useradmin UI doesn't work.

I believe if he had deleted the user it would have automatically been recreated, but he disabled it.

We've tried some different curl commands to delete or reenable the user but are getting 500 response on everything we've tried.

Help, please!

Replies

Avatar

Avatar
Validate 25
Level 10
smacdonald2008
Level 10

Likes

1,409 likes

Total Posts

12,671 posts

Correct reply

2,278 solutions
Top badges earned
Validate 25
Validate 10
Validate 1
Give back 900
Give back 600
View profile

Avatar
Validate 25
Level 10
smacdonald2008
Level 10

Likes

1,409 likes

Total Posts

12,671 posts

Correct reply

2,278 solutions
Top badges earned
Validate 25
Validate 10
Validate 1
Give back 900
Give back 600
View profile
smacdonald2008
Level 10

06-02-2019

CHecking interanlly to see if we have a SUPPORT KB to address this situation.

Are you able to see UI when you log in as an admin?

Avatar

Avatar
Boost 1
Level 1
kunwars30959694
Level 1

Like

1 like

Total Posts

2 posts

Correct reply

0 solutions
Top badges earned
Boost 1
View profile

Avatar
Boost 1
Level 1
kunwars30959694
Level 1

Like

1 like

Total Posts

2 posts

Correct reply

0 solutions
Top badges earned
Boost 1
View profile
kunwars30959694
Level 1

06-02-2019

I think this can be recovered easily if we can identify the anonymous user location under /home/users using logs or somwhere in felix console(i think we could but would have check again) and write a groovy script to switch the flag to enable this anonymous user and make system usable again.

There is a not in our official docs that we should not delete/disable the anonymous user so educate the users to avoid changing it’s properties.

Avatar

Avatar
Boost 250
MVP
Gaurav-Behl
MVP

Likes

250 likes

Total Posts

1,147 posts

Correct reply

283 solutions
Top badges earned
Boost 250
Establish
Give back 300
Give Back 50
Give Back 5
View profile

Avatar
Boost 250
MVP
Gaurav-Behl
MVP

Likes

250 likes

Total Posts

1,147 posts

Correct reply

283 solutions
Top badges earned
Boost 250
Establish
Give back 300
Give Back 50
Give Back 5
View profile
Gaurav-Behl
MVP

06-02-2019

That's a nice trick!

Below are two groovy scripts which would've to modified accordingly--

oak-run Groovy script to reset the Adobe AEM "admin" user password · GitHub

Migrating AEM Users, Groups and ACLs between instances · GitHub

I'm not sure if OOB, 'anonymous' user would always have the same hash and under same path? It would make lives much more easy... We can test it with a couple of fresh installations to find a pattern and go ahead with that.

Avatar

Avatar
Ignite 1
Employee
aemmarc
Employee

Likes

184 likes

Total Posts

243 posts

Correct reply

92 solutions
Top badges earned
Ignite 1
Give Back 50
Give Back 5
Give Back 3
Give Back 25
View profile

Avatar
Ignite 1
Employee
aemmarc
Employee

Likes

184 likes

Total Posts

243 posts

Correct reply

92 solutions
Top badges earned
Ignite 1
Give Back 50
Give Back 5
Give Back 3
Give Back 25
View profile
aemmarc
Employee

06-02-2019

The anonymous user can be re-enabled programatically using CURL

Step 1)

Determine the path to the anonymous user.  eg:  grep the error.log for "POST /home/user " and try and determine the path to that user.

For example say it is : /home/users/-/-W27FKy-6dKSFr2v6Aue

Step2)

Once you have the path, you can reenable the anonymous user by performing the following CURL command

curl -u admin:admin -F "disableUser=" http://localhost:6330/home/users/-/-W27FKy-6dKSFr2v6Aue

Avatar

Avatar
Validate 25
Level 10
smacdonald2008
Level 10

Likes

1,409 likes

Total Posts

12,671 posts

Correct reply

2,278 solutions
Top badges earned
Validate 25
Validate 10
Validate 1
Give back 900
Give back 600
View profile

Avatar
Validate 25
Level 10
smacdonald2008
Level 10

Likes

1,409 likes

Total Posts

12,671 posts

Correct reply

2,278 solutions
Top badges earned
Validate 25
Validate 10
Validate 1
Give back 900
Give back 600
View profile
smacdonald2008
Level 10

06-02-2019

Excellent COmmunity responses everyone!!!

Avatar

Avatar
Boost 1
Level 1
kunwars30959694
Level 1

Like

1 like

Total Posts

2 posts

Correct reply

0 solutions
Top badges earned
Boost 1
View profile

Avatar
Boost 1
Level 1
kunwars30959694
Level 1

Like

1 like

Total Posts

2 posts

Correct reply

0 solutions
Top badges earned
Boost 1
View profile
kunwars30959694
Level 1

06-02-2019

If you are on later aem versions, user paths are randomized. In this case, we won’t need the has as we are changing any password or decrypting stuff. Although we just need to find the anonymous user using the first admin script you mentioned. Once you identify this path, we can switch its properties to renable the user using nodeBuilder or similar api

If you can’t get a script running, let me know maybe I can provide one later this week.

Avatar

Avatar
Ignite 1
Employee
aemmarc
Employee

Likes

184 likes

Total Posts

243 posts

Correct reply

92 solutions
Top badges earned
Ignite 1
Give Back 50
Give Back 5
Give Back 3
Give Back 25
View profile

Avatar
Ignite 1
Employee
aemmarc
Employee

Likes

184 likes

Total Posts

243 posts

Correct reply

92 solutions
Top badges earned
Ignite 1
Give Back 50
Give Back 5
Give Back 3
Give Back 25
View profile
aemmarc
Employee

06-02-2019

Tested and verified that the CURL command works on AEM 6.3, 6.4, 6.5

1) find the logging statement that includes the POST that disabled the user. It will look like the following :

06.02.2019 14:06:07.938 *INFO* [0:0:0:0:0:0:0:1 [1549479967933] POST /home/users/L/LKiH_WI-Bp_PmPHPbVLC.rw.userprops.html HTTP/1.1] com.adobe.granite.security.user.internal.servlets.AuthorizableServlet Edit User 'anonymous' operation initiated by User 'admin' (administrator)

2)

curl -u admin:admin -F "disableUser=" http://localhost:6501/home/users/L/LKiH_WI-Bp_PmPHPbVLC

3) Voila!

Avatar

Avatar
Validate 1
Level 2
kramer2718
Level 2

Likes

3 likes

Total Posts

11 posts

Correct reply

0 solutions
Top badges earned
Validate 1
Boost 3
Boost 1
View profile

Avatar
Validate 1
Level 2
kramer2718
Level 2

Likes

3 likes

Total Posts

11 posts

Correct reply

0 solutions
Top badges earned
Validate 1
Boost 3
Boost 1
View profile
kramer2718
Level 2

06-02-2019

Hi guys. It looks to me that several of these answers are likely correct, but we found a slightly different approach

curl -u admin:admin 'http://localhost:4502/home/users/O/OPYCNCDeCOsijvtpS0J5.rw.userprops.html' --data '.&disableUser=&_charset_=utf-8' --compressed