This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

SMA Re-login does not challenge for security

SA-57634

Summary



Security is enabled on the System Management Application (SMA) and users are authenticated initially. However, after using the SMA logout link, the same session can be re-accessed.


Error Messages



Not Applicable


Steps to Reproduce

  1. Add a Security constraint to prsysmgmt web.xml.
  2. Add a user to tomcat-users.xml.


Root Cause



The SMA logout did not clear the credentials from the browser cache.


Resolution



Perform the following local change:
  1. Add the following code to the web.xml of prsysmgmt.

        <login-config>
            <auth-method>FORM</auth-method>
            <realm-name>PegaRULES</realm-name>
            <form-login-config>
                <form-login-page>/logon.jsp</form-login-page>
                <form-error-page>/logonError.jsp</form-error-page>
            </form-login-config>
        </login-config>

     
  2. Create logon.jsp and logonError.jsp as shown below and add them to the prsysmgmt web application directory (in Tomcat, \webapps\prsysmgmt).

    logon.jsp

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <%@ page contentType="text/html; charset=utf-8" %>
    <html xmlns="http://www.w3.org/1999/xhtml">

    <head>
        <title>Login Page</title>
    </head>
    <body>
    <h2>Please log in:</h2>
    <br /><br />
    <%-- FORM authentication: post j_username and j_password to the container's j_security_check --%>
    <form action="j_security_check" method="post">
        <p><strong>Username: </strong>
        <input type="text" name="j_username" size="25" /></p>
        <p><strong>Password:</strong>&nbsp;
        <input type="password" name="j_password" size="26" /></p>
        <p>
        <input type="submit" value="Submit" />
        <input type="reset" value="Reset" /></p>
    </form>
    </body>
    </html>

    logonError.jsp

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <%@ page contentType="text/html; charset=utf-8" %>
    <%-- c:url needs the JSTL core taglib, so the JSTL library must be available to the web application --%>
    <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
    <html xmlns="http://www.w3.org/1999/xhtml">

    <head>
        <title>Login Error</title>
    </head>
    <body>
        <c:url var="url" value="/index.jsp"/>
        <h2>Invalid user name or password.</h2>

        <p>Please enter a user name or password that is authorized to access this 
        application. For this application, this means a user that has been created with the 
        <code>PegaDiagnosticUser</code> role.  Click here to <a href="${url}">Try Again</a></p>
    </body>
    </html>
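
To confirm that a deployed web.xml actually carries this change, the descriptor can be checked with a short script. The following is an added example, not code from Pega or from the original article; the sample descriptors are constructed, and the use of BASIC authentication before the fix is an assumption based on the root cause above.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor, not copied from a real prsysmgmt deployment.
# Assumption: the pre-fix configuration used BASIC authentication.
BASIC_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection><web-resource-name>SMA</web-resource-name>
      <url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>PegaDiagnosticUser</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>PegaRULES</realm-name>
  </login-config>
</web-app>"""

# The same descriptor after applying the article's <login-config> change.
FORM_XML = BASIC_XML.replace("BASIC", "FORM").replace(
    "</login-config>",
    "<form-login-config><form-login-page>/logon.jsp</form-login-page>"
    "<form-error-page>/logonError.jsp</form-error-page></form-login-config>"
    "</login-config>")

def find_all(root, name):
    """Match on the local tag name so any web-app namespace/version works."""
    return [el for el in root.iter() if el.tag.rsplit("}", 1)[-1] == name]

def text_of(root, name):
    """Text of the first element with that name, or '' when absent."""
    els = find_all(root, name)
    return (els[0].text or "").strip() if els else ""

def audit_web_xml(xml_text):
    """Return findings; an empty list means the login setup matches the fix."""
    root = ET.fromstring(xml_text)
    findings = []
    if not find_all(root, "auth-constraint"):
        findings.append("no auth-constraint: nothing requires authentication")
    method = text_of(root, "auth-method").upper()
    if method in ("BASIC", "DIGEST"):
        findings.append(method + ": browser re-sends cached credentials after logout")
    elif method != "FORM":
        findings.append("auth-method is %r, expected FORM" % method)
    else:
        for page in ("form-login-page", "form-error-page"):
            if not text_of(root, page).startswith("/"):
                findings.append(page + " is missing or not context-relative")
    return findings
```

Calling `audit_web_xml` on the contents of the deployed prsysmgmt web.xml returns an empty list once the FORM login configuration is in place.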
Published February 20, 2019 - Updated October 8, 2020
