Posted: 5 Jan 2018 15:43 EST Last activity: 23 Jan 2018 15:39 EST
SMA on Tomcat
How do I get SMA to work when -Dcom.sun.management.jmxremote.authenticate=true is a requirement by our middleware team in the setenv.sh file? I have the appropriate entries in the tomcat-users.xml file as recommended by the install document for Tomcat/Oracle for 7.2.1. I can only get SMA to work if I set authenticate to false, but that is not an option for our production environment.
Arun - I am trying to get SMA to work with authentication. It works just fine if authentication is set to false.
Sudhakar - I am aware of both the access.xml and password.xml files, but have not been able to get them to work with the SMA login. Do you have an example? Do they need to be coordinated with the SMA-related entries (PegaDiagnosticUser) in the tomcat-users.xml file that are needed for SMA?
Thanks Sudhakar - please let me know what you find. SMA uses jmxremote to connect to the node, so the two (SMA and jmxremote) would appear to be related. If I set jmxremote.authenticate=false in setenv.sh, SMA will connect just fine even if you put totally incorrect credentials into the SMA id/password fields (using "always prompt for credentials" in the SMA node definition). If jmxremote.authenticate=true (a requirement for us), then I can't get it to work at all.
Hi Sudhakar - I have found where the issue may be (haven't gotten a working solution yet). It appears that our middleware team has Tomcat integrated with LDAP. If I remove the following two entries:
-Dcom.sun.management.jmxremote.login.config=Tomcat
-Djava.security.auth.login.config=$CATALINA_HOME/login.config (indicates LDAP)
and instead specify a local jmxremote.password file, I can get SMA to work fine with ids that I put in the jmxremote.access and jmxremote.password files.
Now I just need to figure out how to get it to work with LDAP...
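The file-based setup described in the post above (a local jmxremote.password file whose ids also appear in jmxremote.access, with authentication left on) can be checked with a short script. This is an added example, not part of the original thread or of any Pega or Tomcat tooling; the function name `audit_jmx_auth`, the sample ids and the temporary paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit file-based JMX authentication.
# $1 = JVM option string, $2 = jmxremote.password path, $3 = jmxremote.access path.
# Returns the number of findings (0 = clean).
audit_jmx_auth() {
    opts=" $1 " pwfile=$2 accfile=$3 issues=0

    case "$opts" in
        *" -Dcom.sun.management.jmxremote.authenticate=false "*)
            echo "FAIL: JMX authentication is disabled"; issues=$((issues + 1)) ;;
    esac

    if [ ! -f "$pwfile" ] || [ ! -f "$accfile" ]; then
        echo "FAIL: password or access file missing"; return $((issues + 1))
    fi

    # The JVM only accepts a password file with no group/other permissions.
    if [ "$(ls -ld "$pwfile" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $pwfile is accessible to group/other"; issues=$((issues + 1))
    fi

    # Every id in the password file needs a role line in the access file
    # (assumes whitespace-separated "name value" lines, '#' for comments).
    orphans=$(awk 'NF == 0 || $1 ~ /^#/ { next }
                   FILENAME == ARGV[1]  { role[$1] = 1; next }
                   !($1 in role)        { print $1 }' "$accfile" "$pwfile")
    for user in $orphans; do
        echo "FAIL: '$user' has a password but no access entry"
        issues=$((issues + 1))
    done
    return "$issues"
}

# Constructed sample files; ids and passwords are placeholders.
demo=$(mktemp -d)
printf 'smaMonitor readonly\nsmaAdmin readwrite\n' > "$demo/jmxremote.access"
printf '# constructed\nsmaMonitor CHANGE_ME_1\nsmaAdmin CHANGE_ME_2\n' \
    > "$demo/jmxremote.password"
chmod 600 "$demo/jmxremote.password"
audit_jmx_auth "-Dcom.sun.management.jmxremote.authenticate=true" \
    "$demo/jmxremote.password" "$demo/jmxremote.access" && echo "OK: no findings"
```

The check covers only the local-file case; when a JAAS login config such as the LDAP one is in use, credentials are verified there rather than against jmxremote.password.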
Hi - I asked our middleware team, which has an LDAP id with access to jmxremote on these servers, to attempt access to SMA. It was successful. So, I just need to work to either get ids added to that same group or get a new, similar group defined. Thanks for your time/suggestions.