After moving to the R12.8 Application Server Agent for WebSphere with 'ChallengeForCredentials=No' and the 'AssertionAuthResource=/tai' with a Realm defined with the TAI Agent Identity protecting the Realm. The TAI is still reporting all requests as "NotProtected", resulting in the TAI not propagating the User ID to WebSphere and the requests to fail.
Release : 12.8
Component : SITEMINDER FOR IBM WEBSPHERE
The Base R12.8 Application Server Agent for WebSphere with ChallengeForCredentials set to "No" is using the Application Context requested by the User as the resource for the request instead of the value from the AssertionAurhResource ACO parameter, and since there are no matching Realms, the request is reported as "NotProtected.
Provided the customer with the DevFix from DE506122 to address an issue where the TAI with 'ChallengeForCredentials=No' was not using the value of the ' AssertionAuthResource' ACO parameter as the requested resource to process the request.