How do I login to Jenkins when I locked myself out?

Article ID:206598218
2 minute readKnowledge base

Issue

  • When managing user permissions, a user might set a permission wrong and lose access when using their main administrator account. Regaining access can be done in a few steps.

  • global security needs to be changed, unable to login as administrator

Environment

Resolution

There are two methods you could follow to restore access:

  1. Restore a backup of your previous security realm settings from before you changed it

  2. Disable security entirely so you can re-configure your security realm

The preferred option is option 1, since you will be restoring your previous authentication settings. Option 2 which disables security entirely is dangerous if your instance is accessible to anyone else. The reason it is dangerous is because anyone who can access the controller when security is disabled can access all information on that controller, including secret credentials and all of your jobs. The second option should only be used when you isolate network access to the controller during the timeframe when security is disabled.

Option 1

For option 1, which is restoring a backup of your previous security realm settings:

  1. Stop the service.

  2. Restore the JENKINS_HOME/config.xml from the backup you took immediately before you changed the security realm. We recommmend you do a diff of the current content of JENKINS_HOME/config.xml and the version from the backup before you replace it, to ensure you understand what you are reverting.

  3. Start the service.

Option 2

For option 2, which is disabling security entirely so you can re-configure your security realm:

  1. Stop Jenkins

  2. Edit the config.xml file in the JENKINS_HOME folder and locate this line:

    `<useSecurity>true</useSecurity>`

    Set the value to false

  3. Start Jenkins

  4. If you don’t know your admin password when using Jenkins’ own user database for your Security Realm, go to JENKINS_URL/user/admin/configure to set the new admin password.

  5. Now go to Manage Jenkins -> Configure Global Security and choose your Security Realm and Authorization settings to re-enable security.