We are configuring security for Z/OS Connect with SAF registries. Included in that are EJBROLES
EJBROLES not being validated. The rules have been written that don't seem to work. The z/OS Connect trace shows errors.
3:00] 00000053 id=xxxxxx ibm.ws.security.authorization.saf.internal.SAFRoleMapperImpl < getProfileFromRole Exit
BAQDEV01.zos.connect.access.roles.zosConnectAccess
[7/19/18 19:16:59:796 GMT-03:00] 00000053 id=0a2b8be7 urity.authorization.saf.internal.SAFAuthorizationServiceImpl > checkAccess Entry
SAFCredentialImpl@b828c87e:xxxxxxx:ASSERTED:xxxxxxx
[B@fb68dad5,len=8
03:00] 00000053 id=c399b451 .ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl < isUserInRole Exit
false
[7/19/18 19:16:59:868 GMT-03:00] 00000053 id=c399b451 .ibm.ws.webcontainer.security.WebAppSecurityCollaboratorImpl < isUserInRole Exit