Troubleshooting
Problem
When a federated repository is used for a security domain other than for a global domain, attempts to map a RunAs role to users produce an authentication failure with error code CWWIM4537E.
Symptom
When this authentication error occurs, the following error message is displayed:
com.ibm.websphere.wim.exception.PasswordCheckFailedException: CWWIM4537E
No principal is found from the 'persona1' principal name.
at com.ibm.ws.wim.SPIServiceProvider.login(SPIServiceProvider.java:53)
at com.ibm.ws.wim.registry.util.UserRegistryValidator.checkPassword
(UserRegistryValidator.java:203)
at com.ibm.ws.security.admintask.securityDomain.SecConfigTaskHelper.authenticateUser
(SecConfigTaskHelper.java:240)
Cause
This problem occurs only when a security domain is defined with a federated repository. The error message is not displayed for global domains or when no domains are affected.
Resolving The Problem
A temporary fix is to manually map the RunAs role by using Rational Application Developer or its equivalent prior to application deployment.
You can also use the edit command of the AdminApp object with the MapRunAsRoles option to modify the application using wsadmin scripting.
You can optionally install fix pack 8.0.0.1 to resolve this issue.
Related Information
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21498477