Lockout recovery process

This page describes how to recover administrator access for Bamboo 6.6 and later. 

As an administrator, you may find yourself locked out of Bamboo and unable to log in. This can happen for various reasons, including: 

  • The external user directory server is not accessible (because the network is down, or the directory is down, or the directory has been moved to another IP address).
  • The admin password has been forgotten or lost.
  • The Bamboo instance is not configured properly and then restarted.

To regain your access to Bamboo: 

  1. Add the "-Datlassian.recovery.password=temporarypassword" Java property.

    1. For operating system and installation specific instructions for configuring a Java property for Bamboo, please see: Configuring your system properties

    2. Linux Example: Edit the <Bamboo_installation_directory>\bin\setenv.sh file and add the 
      "-Datlassian.recovery.password=temporarypassword" value to the JVM_SUPPORT_RECOMMENDED_ARGS property. 
      The property value must not be blank, and should look like this when you've done that:

      # Occasionally Atlassian Support may recommend that you set some specific JVM arguments.
      # You can use this variable to do that. Simply uncomment the below line and add any required
      # arguments. Note however, if this environment variable has been set in the environment of the
      # user running this script, uncommenting the below will override that.

      Here we are using temporarypassword but you should use your own value.

  2. Restart your Bamboo instance. 
  3. Log in to Bamboo using the recovery_admin username and the temporary password specified in Step 1.
  4. Repair your Bamboo configuration. 

    In the recovery mode, Bamboo creates an additional account with administrative privileges to allow you to fix your configuration. These privileges are removed when Bamboo restarts without the recovery mode. We strongly recommend that you do not perform any additional actions while Bamboo is in recovery mode.

  5. Confirm your ability to log in with your usual admin profile.
  6. Shut down Bamboo and remove the atlassian.recovery.password argument. 
  7. Start Bamboo again.

Fallback authentication in Bamboo

Alternatively, from Bamboo 8.1 or onwards Data Center, if SSO is the primary authentication method and for some reason, it fails, we can enable username and password authentication.

  1. Enable username and password authentication with a REST call:

    curl -vvv -k -L -u <admin_username> -X PATCH <BambooURL>/rest/authconfig/1.0/sso \
        -H 'Content-Type: application/json'\
        -d '{"enable-authentication-fallback": true}'
  2. Go to <BambooURL>/userlogin!doDefault.action?auth_fallback to display the Bamboo login page.

You can also restore username and password authentication by performing the following REST call:

curl -vvv -k -L -u <admin_username> -X PATCH <BambooURL>/rest/authconfig/1.0/sso \
    -H 'Content-Type: application/json'\
    -d '{"show-login-form": true}'


Last modified on Jun 1, 2022

Was this helpful?

Provide feedback about this article
Powered by Confluence and Scroll Viewport.