Question
US
Last activity: 19 Jan 2016 11:40 EST
SMA on JBOSS 6.x
All,
I wanted to provide some information I have found while configuring Pega 7.1.9 on JBOSS 6.4.4, specifically related to SMA.
Firstly, the JMX url example provided within SMA is incorrect for JBOSS 6. The URL provided is: service:jmx:rmi:///jndi/rmi://HOST:9004/jmxrmi however the CORRECT JMX url for JBOSS 6.4 is:
service:jmx:remoting-jmx://HOST:4447 OR
service:jmx:remoting-jmx://HOST:9999 depending on which interface you have JMX bound to. (9999 by default, for management interface, or 4447 otherwise) This part is important as it determines what authentication method is used. By default, JMX is configured to use the management security realm for authentication. This means that if you have your JBOSS admin console authenticated through LDAP, your JMX connection will be authenticated through LDAP as well. If this is your case (as it was with me) adding a local management user would not work.
You can prevent JMX from using the management interface with this CLI command and a server reload.
/subsystem=jmx/remoting-connector=jmx/:write-attribute(name=use-management-endpoint,value=false)
If you do this, you can create an APPLICATION user via the add-user scripts. This allows you to authenticate via LDAP or other method for your management console, and a local user for SMA.
All,
I wanted to provide some information I have found while configuring Pega 7.1.9 on JBOSS 6.4.4, specifically related to SMA.
Firstly, the JMX url example provided within SMA is incorrect for JBOSS 6. The URL provided is: service:jmx:rmi:///jndi/rmi://HOST:9004/jmxrmi however the CORRECT JMX url for JBOSS 6.4 is:
service:jmx:remoting-jmx://HOST:4447 OR
service:jmx:remoting-jmx://HOST:9999 depending on which interface you have JMX bound to. (9999 by default, for management interface, or 4447 otherwise) This part is important as it determines what authentication method is used. By default, JMX is configured to use the management security realm for authentication. This means that if you have your JBOSS admin console authenticated through LDAP, your JMX connection will be authenticated through LDAP as well. If this is your case (as it was with me) adding a local management user would not work.
You can prevent JMX from using the management interface with this CLI command and a server reload.
/subsystem=jmx/remoting-connector=jmx/:write-attribute(name=use-management-endpoint,value=false)
If you do this, you can create an APPLICATION user via the add-user scripts. This allows you to authenticate via LDAP or other method for your management console, and a local user for SMA.
Please let me know if you have different results, or other solutions that work.