SMA on Tomcat
How do I get SMA to work when -Dcom.sun.management.jmxremote.authenticate=true is a requirement by our middleware team in the setenv.sh file? I have the appropriate entries in tomcat-users.xml file as recommended by the install document for Tomcat/Oracle for 7.2.1. I can only get SMA to work if I set the authenticate to false, but that is not an option for our production environment.
Accepted Solution
Ameriprise Financial
US
Hi - I asked our middleware team, which has an ldap id with access to jmxremote on these servers to attempt access to SMA. It was successful. So, I just need to work to either get ids added to that same group or get a new, similar, group defined. Thanks for your time/suggestions.
JPMorgan Chase & Company
US
Hi,
Please refer below article to enable JMX authentication in JVM
https://db.apache.org/derby/docs/10.9/adminguide/radminjmxenablepwd.html
Pegasystems Inc.
IN
Hello Mark,
If you want to enable JMX with no authentication have a look at below article
https://db.apache.org/derby/docs/10.10/adminguide/radminjmxenablenoauth.html
Thanks,
Arun
Ameriprise Financial
US
Thanks for the replies.
Arun - I am trying to get SMA to work with authentication. It works just fine if authentication is set to false.
Sudhakar - I am aware of both the access.xml and password.xml file, but have not been able to get it to work with the SMA login. Do you have an example? Does it need to be coordinated with the SMA related entries (PegaDiagnosticUser) in the tomcat-users.xml file that are needed for SMA?
Thanks.
JPMorgan Chase & Company
US
Hi,
I haven't implemented in my local system, I will try to do it. PegaDiagnosticUser is used for authenticating SMA. It's not related to the JMX authentication.
Ameriprise Financial
US
Thanks Sudhakar - please let me know what you find. SMA uses jmxremote to connect to the node, so the two (SMA and jmxremote) would appear to be related. If I set jmxremote.authenticate=false in setenv.sh, SMA will connect just fine even if you put in totally incorrect credentials into the SMA id/password fields (using "always prompt for credentials" in the SMA node definition). If jmxremote.authenticate=true (a requirement for us), then I can't get it to work at all.
Thanks
Ameriprise Financial
US
Hi Sudhakar - I have found where the issue may be (haven't gotten a working solution yet). It appears that our middleware team has Tomcat integrated with LDAP. If I remove the following two entries: -Dcom.sun.management.jmxremote.login.config=Tomcat -Djava.security.auth.login.config=$CATALINA_HOME/login.config (indicates ldap)
and instead specify a local jmxremote.password file instead, I can get SMA to work fine with ids that I put in the jmxremote.access and jmxremote.password files.
Now I just need to figure out how to get it to work with ldap...
Accepted Solution
Ameriprise Financial
US
Hi - I asked our middleware team, which has an ldap id with access to jmxremote on these servers to attempt access to SMA. It was successful. So, I just need to work to either get ids added to that same group or get a new, similar, group defined. Thanks for your time/suggestions.