Authentication fails when using the application server supplied command line tool to synchronise WebSphere Node Agents (syncNode.sh) when the default OpenAM authentication chain has been updated to make use of modules other than Datastore as first module.
Users get errors like:
ADMU0111E: Program exiting with error:
javax.management.JMRuntimeException: ADMN0022E: Access is denied for the resolve operation on ConfigService MBean because of insufficient or empty credentials.
ADMU4113E: Verify that username and password information is correct. If running tool from the command line, pass in the correct -username and -password. Alternatively, update the <conntype>.client.props file.
Have the authenticate method in com.sun.identity.agents.websphere.AmRealmUserRegistry specify the Application module as part of the login call.