Support Article
SMA not prompting for credentials after upgrade
SA-20559
Summary
User upgraded from Pega 7.1.5 to Pega 7.1.9. They had followed the steps for securing System Management Application (SMA) on Weblogic so that any user accessing SMA is prompted to enter login credentials for accessing the application. After the upgrade the users are not prompted to enter the login credentials allowing unauthorized access to SMA.
Error Messages
Not Applicable
Steps to Reproduce
- Follow steps to secure SMA application on Weblogic so that users are prompted for entering login credentials when accessing SMA.
- Navigate to the URL for accessing SMA.
- Users are only promoted to enter the login credentials for the first time but when they logout and try to login the next time, they are not prompted for entering login credential and are able to get unauthorized access to SMA.
Root Cause
The root cause of the issue is related to a defect in user's Pega 7 operating environment.
Resolution
Engage weblogic application server administrator for verification of the issue. Pega System Management Application (SMA) by itself doesn’t have any authentication feature. The security is configured at the application server level which is outside of Pega. The following article highlights the changes required for securing SMA in weblogic:
https://pdn.pega.com/how-secure-system-management-application-restricting-user-access-oracle-weblogic
Published March 5, 2016 - Updated October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.