Lockout recovery process
This page describes how to recover administrator access for Bamboo 6.6 and later.
As an administrator, you may find yourself locked out of Bamboo and unable to log in. This can happen for various reasons, including:
- The external user directory server is not accessible (because the network is down, or the directory is down, or the directory has been moved to another IP address).
- The admin password has been forgotten or lost.
- The Bamboo instance is not configured properly and then restarted.
To regain your access to Bamboo:
Add the
"-Datlassian.recovery.password=temporarypassword
"
Java property.For operating system and installation specific instructions for configuring a Java property for Bamboo, please see: Configuring your system properties
Linux Example: Edit the
<Bamboo_installation_directory>\bin\setenv.sh
file and add the"-Datlassian.recovery.password=temporarypassword
"
value to theJVM_SUPPORT_RECOMMENDED_ARGS
property.
The property value must not be blank, and should look like this when you've done that:# Occasionally Atlassian Support may recommend that you set some specific JVM arguments. # You can use this variable to do that. Simply uncomment the below line and add any required # arguments. Note however, if this environment variable has been set in the environment of the # user running this script, uncommenting the below will override that. # JVM_SUPPORT_RECOMMENDED_ARGS=-Datlassian.recovery.password=temporarypassword
Here we are using t
emporarypassword
but you should use your own value.When you run Bamboo in recovery mode, the login form won't accept recovery admin credentials if two-step verification is enabled. To disable two-step verification and revert to legacy login form, use the JVM flag below:
-Datlassian.authentication.legacy.mode=true
- Restart your Bamboo instance.
- Log into Bamboo with the username
recovery_admin
or the randomly generated ID available in the logs.Use the temporary password defined in the system property. You can obtain the username information from the Bamboo logs by searching for:
Recovery mode is ON. Recovery admin username: 'eP77jUUu2SpTZvSXiGlm0j74A6SHOqNyWWIaAiGMQqSmE3LeeB'
Repair your Bamboo configuration.
In the recovery mode, Bamboo creates an additional account with administrative privileges to allow you to fix your configuration. These privileges are removed when Bamboo restarts without the recovery mode. We strongly recommend that you do not perform any additional actions while Bamboo is in recovery mode.
- Confirm your ability to log in with your usual admin profile.
- Shut down Bamboo and remove the
atlassian.recovery.password
argument. - Start Bamboo again.
Fallback authentication in Bamboo
Alternatively, from Bamboo 8.1 or onwards Data Center, if SSO is the primary authentication method and for some reason, it fails, we can enable username and password authentication.
Enable username and password authentication with a REST call:
curl -vvv -k -L -u <admin_username> -X PATCH <BambooURL>/rest/authconfig/1.0/sso \ -H 'Content-Type: application/json'\ -d '{"enable-authentication-fallback": true}'
Go to
<BambooURL>/userlogin.action?auth_fallback
to display the Bamboo login page.
You can also restore username and password authentication by performing the following REST call:
curl -vvv -k -L -u <admin_username> -X PATCH <BambooURL>/rest/authconfig/1.0/sso \
-H 'Content-Type: application/json'\
-d '{"show-login-form": true}'