When using identity only in combination with WebSphere Application Server for z/OS and LDAP you may need to perform additional manual configuration steps; this is regardless of whether configuration is done via the WebSphere Application Server for z/OS Administrative Console or the configure target. With this combination you may find that WebSphere Application Server for z/OS fails to start successfully and this is due to the need to add a WebSphere Application Server for z/OS -generated username to the login module exclude list property (exclude_usernames) described in Add the Login Module. In this case of WebSphere Application Server for z/OS failing to start there will be a SECJ0270E error message in the SystemOut.log file prior to the failure.
These are the steps needed to resolve this error: