IBM Support

Attempts to map a RunAs role to users when using a federated repository in a security domain causes an authentication error

Troubleshooting


Problem

When a federated repository is used for a security domain other than for a global domain, attempts to map a RunAs role to users produce an authentication failure with error code CWWIM4537E.

Symptom

When this authentication error occurs, the following error message is displayed:

com.ibm.websphere.wim.exception.PasswordCheckFailedException: CWWIM4537E  
No principal is found from the 'persona1' principal name.
at com.ibm.ws.wim.SPIServiceProvider.login(SPIServiceProvider.java:53)
at com.ibm.ws.wim.registry.util.UserRegistryValidator.checkPassword
(UserRegistryValidator.java:203)
at com.ibm.ws.security.admintask.securityDomain.SecConfigTaskHelper.authenticateUser
(SecConfigTaskHelper.java:240)

Cause

This problem occurs only when a security domain is defined with a federated repository. The error message is not displayed for global domains or when no domains are affected.

Resolving The Problem

A temporary fix is to manually map the RunAs role by using Rational Application Developer or its equivalent prior to application deployment.

You can also use the edit command of the AdminApp object with the MapRunAsRoles option to modify the application using wsadmin scripting.

You can optionally install fix pack 8.0.0.1 to resolve this issue.

[{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Security","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"8.0","Edition":"Base;Express;Network Deployment","Line of Business":{"code":"LOB45","label":"Automation"}},{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Security","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"","label":"i5\/OS"},{"code":"PF012","label":"IBM i"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"}],"Version":"8.0","Edition":"Base;Express;Network Deployment","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
15 June 2018

UID

swg21498477

Page Feedback