Let's say the following is in the HPEL or SystemOut log when attempting to sign into the WebSphere admin console.

SECJ0118E: Authentication error during authentication for user john.doe

For example, in this example, the authentication failed when attempting to sign in as Bugs. 

Bad username / password

The most common cause of this issue that the user simply mistyped their username or password. 

Admin username / password

If you have the administrative username and password for the federated repository, try to sign in using the admin's username and password. Refer to Administrative Security. The administrative passwords will be listed in their encrypted XOR format in the security.xml file. Java can be used to decode the XOR password.

LDAP issue

If the deployment manager is configured to use LDAP to authenticate users, there may be some LDAP issue. Refer to Getting Started with LDAP. To determine if the username exists in LDAP, you can test an LDAP query. You can update the log level from *=info to *=finest. It probably makes sense to update the log level runtime instead of configuration since you should only need the log level set to *=finest for a few minutes.

*=finest

Then attempt to sign in again and check the HPEL or SystemOut log for any LDAP events. Notice in this example that there is an LDAP error 49. This almost always means an invalid username and password was provided.

[9/24/25 2:40:33:292 CDT] 00000123 LdapRegistryI A   SECJ0419I: The user registry is currently connected to the LDAP server ldap://foo.example.com:636.
[9/24/25 2:40:33:337 CDT] 00000123 LTPAServerObj E   SECJ0369E: Authentication failed when using LTPA. The exception is com.ibm.websphere.security.auth.AuthenticationFailedException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09052B, comment: AcceptSecurityContext error, data 52e, v4f7c^@].
[9/24/25 2:40:33:349 CDT] 00000123 FormLoginExte E   SECJ0118E: Authentication error during authentication for user john.doe

JAAS login module issue

The first time an authentication failure occurs, a First Failure Data Capture (FFDC) log should be created. Let's say the FFDC log has "unable to find LoginModule", something like this. In this scenario, refere to Resolve "unable to find LoginModule".

[6/24/22 4:55:34:603 CDT]     FFDC Exception:javax.security.auth.login.LoginException SourceId:com.ibm.ws.security.auth.JaasLoginHelper.jaas_login ProbeId:503 Reporter:com.ibm.ws.security.auth.JaasLoginHelper@b72b2a19
javax.security.auth.login.LoginException: unable to find LoginModule class: com.example.myLoginModule