SMA not prompting for credentials after upgrade
A user upgraded from Pega 7.1.5 to Pega 7.1.9. They had followed the steps for securing the System Management Application (SMA) on WebLogic so that any user accessing SMA is prompted to enter login credentials. After the upgrade, users are no longer prompted for login credentials, which allows unauthorized access to SMA.
Steps to Reproduce
- Follow the steps to secure the SMA application on WebLogic so that users are prompted for login credentials when accessing SMA.
- Navigate to the URL for accessing SMA.
- Users are prompted to enter login credentials only the first time. When they log out and try to log in again, they are not prompted for credentials and are able to get unauthorized access to SMA.
The root cause of the issue is related to a defect in the user's Pega 7 operating environment.
Engage the WebLogic application server administrator to verify the issue. Pega System Management Application (SMA) does not have any authentication feature of its own. Security is configured at the application server level, which is outside of Pega. The following article highlights the changes required for securing SMA in WebLogic:
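Independently of that article, the administrator can confirm whether the application server is enforcing authentication by requesting the SMA URL from a client that holds no session cookie and no cached browser credentials. The script below is an added example, not Pega or WebLogic code; the function names are hypothetical and the URL passed on the command line is assumed to be the site's own SMA address.

```python
import sys
import urllib.error
import urllib.request

REDIRECTS = (301, 302, 303, 307, 308)


def classify(status, headers):
    """Judge the server's answer to a request sent without credentials.

    headers is any mapping with .get(). Returns (enforced, detail).
    """
    if status == 401:
        scheme = (headers.get("WWW-Authenticate") or "none").split()[0]
        return True, f"HTTP 401: challenge ({scheme})"
    if status == 403:
        return True, "HTTP 403: access denied"
    if status in REDIRECTS:
        return True, f"HTTP {status}: redirect to {headers.get('Location')}"
    if 200 <= status < 300:
        return False, f"HTTP {status}: content served without credentials"
    return False, f"HTTP {status}: unexpected response, check manually"


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses instead of silently following them."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(url, timeout=10):
    """Fetch url with a fresh opener: no cookies, no credentials, no proxy."""
    opener = urllib.request.build_opener(
        NoRedirect, urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            return classify(resp.status, resp.headers)
    except urllib.error.HTTPError as err:
        # 401, 403 and unfollowed redirects arrive here as HTTPError
        return classify(err.code, err.headers)


if __name__ == "__main__":
    enforced, detail = probe(sys.argv[1])  # argument: the site's SMA URL
    print(("PROTECTED" if enforced else "NOT PROTECTED") + " - " + detail)
    sys.exit(0 if enforced else 1)
```

A redirect is reported as enforced on the assumption that it leads to a login form; confirm the Location shown in the detail, since an HTTP-to-HTTPS redirect looks the same.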