Discussion
Pegasystems Inc.
JP
Last activity: 14 Jun 2022 1:56 EDT
"Trouble logging in" not working with 8.6.x and 8.7.x
Hi,
A couple of customers have reported that the password reset functionality (the "Trouble logging in?" link on the login screen) is not working with Pega 8.6.x and 8.7.x. In this post, I will share the issue and its workaround.
- Set up MFA
"Trouble logging in?" on the login screen lets a user reset their password. For this functionality to work, MFA (Multi-Factor Authentication) has to be set up in advance. Configure a Data-EmailAccount instance and specify it in the Security Policy gadget as below.
- Steps to reproduce the issue
1. Click "Trouble logging in?" link.
2. Enter your username and click “Submit”.
3. OTP (One Time Password) is supposed to be sent to the user by e-mail, but it never is.
- Version
This issue does not happen in prior minor versions (8.5, 8.4, etc.); it is limited to 8.6.x and 8.7.x. Also, the root cause differs per patch version: if you are using 8.6.0 - 8.6.2, you will see the error below in the PegaRULES log.
ERROR localhost| Proprietary information hidden HLFWI929J5WWSAMWA4HV2FZI0D3JCD1ZXA - Failed to send email with account detail as {…}
com.pega.platform.integrationcore.client.email.EmailClientException: Unable to send email due to : Couldn't connect to host, port: smtp.gmail.com, 25; timeout 60000
If you are using 8.6.3, 8.7.0, or 8.7.1, you will see the error below instead.
ERROR localhost| Proprietary information hidden HLFWI929J5WWSAMWA4HV2FZI0D3JCD1ZXA - Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS SENDEMAILNOTIFICATION #20211203T121642.173 GMT ReqID=HK9AFRH1MQHZUBEXQ7Z0N4UXGFH52YMDFA
com.pega.pegarules.pub.PRRuntimeException: Error: You lack access required to execute RULE-OBJ-ACTIVITY @BASECLASS SENDEMAILNOTIFICATION #20211203T121642.173 GMT.
- Bug Fix
The issue is planned to be fixed in future versions (8.6.5 for 8.6, and 8.7.2 for 8.7). In the meantime, there is no direct workaround to get this to work. Until the fix is released, our customers decided to take the different approach below.
1. The user who forgot their password talks to the system administrator.
2. The system administrator updates the user's operator ID with the "Force password change on next login" checkbox selected.
3. The user logs in to the system as usual with their username and current password.
4. An OTP is sent out and the user should receive the e-mail. Note that this OTP and the "Trouble logging in" OTP use different mechanisms.
5. The user is now able to reset the password.
Hope this helps.
Thanks,
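As an added example (not part of the original post and not Pega code), this Python script scans PegaRULES log text for the two error signatures quoted above and reports which variant is present, with the version range and fix release stated in the post. The function name, variant labels and sample log are assumptions made for illustration.

```python
import re

# Signatures copied from the two PegaRULES log excerpts quoted in the post.
SMTP_RE = re.compile(
    r"EmailClientException: Unable to send email due to : Couldn't connect "
    r"to host, port: (?P<host>[^,\s]+), (?P<port>\d+); timeout (?P<timeout>\d+)"
)
ACCESS_RE = re.compile(
    r"Only authenticated client may start this activity: "
    r"RULE-OBJ-ACTIVITY (?P<cls>\S+) (?P<activity>\S+)"
)

# Version ranges and fix releases exactly as stated in the post.
VARIANTS = {
    "smtp-connect": {"seen_in": "8.6.0 - 8.6.2", "fix": "8.6.5"},
    "unauthenticated-activity": {"seen_in": "8.6.3, 8.7.0, 8.7.1",
                                 "fix": "8.6.5 (8.6) / 8.7.2 (8.7)"},
}

def triage(log_text):
    """Return one finding per log line that matches either signature."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        smtp, access = SMTP_RE.search(line), ACCESS_RE.search(line)
        if smtp:
            name = "smtp-connect"
            detail = {"host": smtp["host"], "port": int(smtp["port"]),
                      "timeout": int(smtp["timeout"])}
        elif access:
            name = "unauthenticated-activity"
            detail = {"class": access["cls"], "activity": access["activity"]}
        else:
            continue
        findings.append({"line": lineno, "variant": name,
                         **VARIANTS[name], **detail})
    return findings

# Constructed sample: the post's messages with IDs replaced by placeholders.
SAMPLE_LOG = """\
INFO localhost| unrelated line
ERROR localhost| <id> - Failed to send email with account detail as {...}
com.pega.platform.integrationcore.client.email.EmailClientException: Unable to send email due to : Couldn't connect to host, port: smtp.gmail.com, 25; timeout 60000
ERROR localhost| <id> - Only authenticated client may start this activity: RULE-OBJ-ACTIVITY @BASECLASS SENDEMAILNOTIFICATION #<timestamp> GMT ReqID=<id>
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

For the first variant, the extracted host and port show which SMTP endpoint the platform failed to reach when sending the OTP mail.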