Due to the fix for security issue 3924 in OpenSSO Enterprise 8.0, the amadmin user was prevented from logging in to any authentication module other than the DataStore and Application authentication modules.
The new fix for CR 6811036 removes this restriction and, at the same time, re-implements the original security fix to protect authentication as the amadmin user, which is considered the OpenSSO Enterprise internal or special user, in the following manner:
amadmin can authenticate only to or or the Top-Level Realm.
amadmin and its password will first be authenticated against the configuration data store. That is, this user and its password should match the amadmin user and its password in the OpenSSO Enterprise configuration data store. Then, this user will be authenticated against the required authentication store (authentication module) with the same credentials. Finally, this user will be retrieved (searched) in the OpenSSO Enterprise user data store (based on the user profile option selected in the Authentication service configuration).
The actual authentication module store and/or user data store and configuration data store could be different, as long as the above is successful. If all three stores are the same, the above would be automatically successful.
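The sequence above can be modelled as follows. This is an added example, not OpenSSO Enterprise code: the `Store` class, the `amadmin_login` function, the `profile_required` flag, the realm placeholder and all sample credentials are constructed for illustration.

```python
import hashlib
import hmac
import os

TOP_LEVEL_REALM = "<top-level-realm>"  # placeholder label, not an OpenSSO identifier

class Store:
    """Constructed in-memory stand-in for a credential/profile store."""
    def __init__(self, users):
        self.users = {}
        for name, password in users.items():
            salt = os.urandom(16)
            self.users[name] = (salt, self._kdf(password, salt))

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

    def verify(self, name, password):
        if name not in self.users:
            return False
        salt, stored = self.users[name]
        return hmac.compare_digest(stored, self._kdf(password, salt))

    def has_profile(self, name):
        return name in self.users

def amadmin_login(realm, password, config, module, user_store, profile_required=True):
    """Return (ok, failed_stage) for a login attempt as amadmin."""
    if realm != TOP_LEVEL_REALM:
        return False, "realm"
    # 1. Credentials must match amadmin in the configuration data store.
    if not config.verify("amadmin", password):
        return False, "configuration data store"
    # 2. The same credentials must be accepted by the chosen module's store.
    if not module.verify("amadmin", password):
        return False, "authentication module"
    # 3. Profile lookup, modelled here as either required or skipped (assumption).
    if profile_required and not user_store.has_profile("amadmin"):
        return False, "user data store"
    return True, None

# Constructed sample stores.
config = Store({"amadmin": "cfg-secret"})
ldap_same = Store({"amadmin": "cfg-secret", "alice": "pw"})
ldap_other = Store({"amadmin": "directory-secret"})  # same name, different password
no_admin = Store({"alice": "pw"})                    # no amadmin entry
```

Because the configuration data store is checked first, an account named amadmin in an external module store with a different password is rejected whichever of the two passwords is presented.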