ARTIFACTORY: How To Unlock A User(s) Who Is Locked Out Of Artifactory and Recover Admin Account

Johnson Nguyen
2023-01-22 11:07

Non-Admin User Recovery:

When a user is locked out of Artifactory, we can unlock them with a REST API call.
**NOTE** These REST API calls can only be performed with an ADMIN ACCOUNT.

If we don’t know which user is locked out, run this REST API call:
This API request returns an array of locked users.
curl -uADMIN_ACC JFROG_URL/artifactory/api/security/lockedUsers

If we know a single locked user’s username, use this REST API call:
This API request unlocks the specific user named in the command.
curl -uADMIN_ACC -X POST JFROG_URL/artifactory/api/security/unlockUsers/{USERNAME}

If we want to unlock multiple users, use this REST API call:
When this API request is called, all locked users listed in the JSON array are unlocked.
curl -uADMIN_ACC -X POST JFROG_URL/artifactory/api/security/unlockUsers -H 'Content-Type: application/json' -d '["userA", "userB"]'

Admin User Recovery:

If the default Admin User has been lost, please follow these steps to regain access to the default Admin User.

1. This is done with the Access bootstrap.creds file:
Create a file called bootstrap.creds under $JFROG_HOME/artifactory/var/etc/access

**NOTE** For Artifactory HA versions under 7.17.2: if you are running an Artifactory HA cluster, make sure to make the changes on the primary node.

2. Populate the file with the following content:
<admin user_name>@*=<your new password>
**NOTE** You can also create the file with multiple lines to create multiple Admins, e.g.:
admin1@*=password
admin2@*=password2

3. Make sure the file has relevant permissions:
$ chmod 600 bootstrap.creds
$ chown artifactory:artifactory bootstrap.creds
OR
$ chmod 600 bootstrap.creds
$ chown 1030:1030 bootstrap.creds
**NOTE** The permissions must be assigned as 600. No other permissions will work.

4. **MUST DO** Perform a rolling restart:
After the third step, perform a rolling restart of the cluster (restart each node, one at a time, starting from the primary node and waiting for the current node to come up fully before restarting the next).

After restarting the service(s), you should be able to log in with the newly created Admin Account.
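
One way to carry out steps 1 to 3 without putting the new password on a command line or in shell history, as an added example that is not part of the original article or of JFrog's tooling. The function names `write_bootstrap_creds` and `file_mode` and the optional owner argument are this example's own; the file name, entry format and 600 mode are the ones given in the steps above, and the rolling restart in step 4 is still required afterwards.

```bash
#!/usr/bin/env bash
# Added example: write Access bootstrap.creds with the password read from stdin.

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# write_bootstrap_creds <access_etc_dir> <admin_user> [owner]
# <access_etc_dir> is $JFROG_HOME/artifactory/var/etc/access on a real node.
# [owner] (e.g. artifactory:artifactory or 1030:1030) is applied with chown
# only when given, because chown normally requires root.
write_bootstrap_creds() {
    local dir="$1" user="$2" owner="${3:-}" password="" file mode
    file="$dir/bootstrap.creds"

    # Entries have the form <user>@*=<password>; reject user names that
    # would break that syntax.
    case "$user" in
        ''|*[@=[:space:]]*) echo "invalid user name" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 1; }

    # stdin keeps the password out of argv, `ps` output and shell history.
    IFS= read -r password || true
    [ -n "$password" ] || { echo "empty password on stdin" >&2; return 2; }

    # Remove any older copy, then create the file under umask 077 so it is
    # never readable by group/other, even briefly.
    ( umask 077 && rm -f "$file" &&
      printf '%s@*=%s\n' "$user" "$password" > "$file" ) || return 1
    chmod 600 "$file" || return 1
    if [ -n "$owner" ]; then chown "$owner" "$file" || return 1; fi

    # Confirm the mode the article requires before restarting.
    mode=$(file_mode "$file")
    [ "$mode" = "600" ] || { echo "unexpected mode: $mode" >&2; return 1; }
    echo "wrote $file (mode $mode)"
}

# Usage on a node (prompt without echo, then pipe the value in):
#   read -rs -p 'New admin password: ' PW; echo
#   printf '%s\n' "$PW" | write_bootstrap_creds \
#       "$JFROG_HOME/artifactory/var/etc/access" admin artifactory:artifactory
#   unset PW
```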