Retrieving the JIRA Administrator's password

Added by Rosie Jameson, last edited by Emily Stumpf on Jun 12, 2008  (view change)
JIRA Documentation

Index

I have forgotten the JIRA administrator password.  Help!

Here are three different ways you can solve this problem.

Send it via email

If you have configured JIRA to send email, just click on the Forgot Password link on the login page, enter your username and click the Send it to me button. Your password will be emailed to you.

Remove security restrictions (for pre-3.12 installations of Jira)

If you temporarily remove security restrictions, you will be able to move an existing user or newly created user into the jira-administrator group, giving yourself administrative privileges.

This can be done as follows:

1.    Locate the WEB-INF/classes/seraph-config.xml file (in JIRA 2.4.1 and earlier, it is called security-config.xml)

2.    Comment out everything between the <services> tags:

<security-config>
    ...
    <services>
       <!--
        <service class="com.atlassian.seraph.service.PathService">
            <init-param>
                <param-name>config.file</param-name>
                <param-value>/seraph-paths.xml</param-value>
            </init-param>
        </service>

        <service class="com.atlassian.seraph.service.WebworkService">
            <init-param>
                <param-name>action.extension</param-name>
                <param-value>jspa</param-value>
            </init-param>
        </service>
         -->
    </services>
    ...
</security-config>

3.   Restart JIRA

You will now be able to access all of JIRA without logging on. From here you have a couple of options to get back administrative privileges.

Option 1. Creating a New Administrator User.

  1. Go to http://<your-server>//secure/admin/user/UserBrowser.jspa
  2. Click on Add User, fill in the form, then click Create.
  3. Click on Edit Groups, and add the user to the jira-administrators group

Option 2. Add Admin Privileges to an Existing User.

  1. Go to http://<your-server>//secure/admin/user/UserBrowser.jspa
  2. Click on a user
  3. Click on Edit Groups and add the user to jira-administrators

Note:
After you have fixed up the permissions, remember to reenable the commented-out section in seraph-config.xml, and restart JIRA.

Set the password directly in the database (for any version of Jira)

You can also update the password hash stored in your database for a user with administrative privileges. Run the following command to set the user called XXXX's password to the word sphere. Remember to restart Jira after making any changes directly to the database.

update userbase set password_hash='uQieO/1CGMUIXXftw3ynrsaYLShI+GTcPS4LdUGWbIusFvHPfUzD7CZvms6yMMvA8I7FViHVEqr6Mj4pCLKAFQ==' where username='XXXX';

If you don't know the name of a user who has administrative privileges on your system, try running the following query in your database:

select user_name from membershipbase where group_name="jira-administrators";

On a system with the default administrator group configured, this will show you users with administrative privileges, and thus who to set the password for.
If your system has different groups with the administrator privilege, you can identify what these groups are with this query:

select perm_parameter from schemepermissions where PERMISSION=0;

Then, use the previous query into membershipbase, but substitute jira-administrators with one of the groups listed in the results of this one.

Labels:

Enter labels to add to this page:
Wait Image 
Looking for a label? Just start typing.

Comments (1)

 

  1. Apr 11

    Huzaifa Tapal says:

    The steps listed in this doc do not allow for changing the System Administrator ...

    The steps listed in this doc do not allow for changing the System Administrator password. I guess with the steps listed in the doc, you can bypass the authentication scheme but not the authorization. Instead, I resolved the issue by doing this:

    1. Edited the latest backup XML file to add a user for which I had the password to the System Administrator group.
    2. Uninstalled JIRA and deleted the JIRA folder
    3. Removed the JIRA windows registry entries
    4. Reinstalled JIRA and chose to import from the edited backup file.
    5. Logged in with the new System Admin user and changed the password for original System Admin
    6. Logged out and logged back in with the original System Admin and revoked the System Admin privileges from the other user.

    A bit more involved, but worked. Keep in mind to backup any changes you made to the jira-application.properties file as uninstalling JIRA will delete that file.