FIM- fimconfig console access is not protected The FIM console access is not protected; when the fimconfig URL is accessed, the user is not challenged to present credentials. The parameter fimconfig.ootb.rbac.enabled=truen is enabled in the fim.properties file and the users have been loaded with the cliCreateUserGroupsForWLS verified in myrealms.
When the FIM ear file was deployed the wrong security model was chosen in the "Install Application Assistant".
In the security section where it asks "What security model do you want to use with this application?" Choose the first option: -DD Only: Use only roles and policies that are defined in the deployment descriptors.