There are a few nuances when using WebSphere Application Server Classic and developing your own custom JASPIC implementation. This post details a few that I encountered.
You need to explicitly enable it
WebSphere does not enable application based security nor JASPIC by default so Global Security needs to be configured with the following enabled
- Enable application security
- Enable Java Authentication SPI (JASPI)