User ID does not have the correct service account role error when trying to authenticate using an RSA Authentication Manager Integration Service (AMIS) service account with the amServiceHarness-tool
Originally Published: 2018-08-23
Article Number
000041269
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: RSA Authentication Manager Prime, Authentication Manager Integration Service (AMIS)
Issue
The following error is written to ../rsa/logs/amisam8.log when the AMIS service account tries to authenticate:
INFO ,==DC== driver created in 131ms
INFO ,~[_internal-}~Begin session context: User id: $internal$
DEBUG,~[_internal-}~Set user context on current thread ==> 29 / InstanceID 6c0399f9-a689-4114-af35-9881924d53e5
INFO ,~[_internal-}~Service account authentication for user: amis-service
DEBUG,~[_internal-}~registered users flag: false
WARN ,~[_internal-}~Attempt to autenticate service account. User id does not have the correct service account role.:  UserID: amis-service
Cause
The AMIS service account is not a member of any of the service account roles defined in the am8-config.xml file. By default the file lists these role names:
 
<serviceAccount passwordDuration="25" durationWindow="5" storageAttribute="serviceAccountPolicy">
              <roles>service-accountrole1,service-accountrole2</roles>
</serviceAccount>
Resolution
Create a new empty administrative role with no real privileges and assign it to the service account:
  1. From the RSA Security Console, navigate to Administration > Administrative Roles > Add New
  2. In the Administrative Role Name field, enter service-accountrole1 as a name for the new administrative role. 
  3. Under Administrative Scope, choose the service accounts domain. 
  4. Click Next to accept the name and domain scoping (with no changes).
  5. Click Next to accept General Permissions (with no changes).
  6. Click Next to accept Authentication Permissions (with no changes).
  7. Click Next to accept Self-Service Permissions (with no changes). 
  8. Click Save to complete the creation of the new role. 
  9. Go to Identity > Users > Manage Existing.
  10. Search for the amis-service account.
  11. Click on the context arrow next to the user ID and choose Administrative Roles > Assign More.
  12. Search for service-accountrole1.
  13. Place a check next to the role and click Assign Role
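As an added example (not part of the RSA article or the AMIS product), the following Python check reproduces the role test that produces the WARN line above: it reads the <roles> list from an am8-config.xml fragment, pulls the user IDs named in amisam8.log WARN lines, and reports whether each account holds at least one of the configured roles. The config fragment, log excerpt and role export are constructed sample data.

```python
import re
import xml.etree.ElementTree as ET

# Constructed stand-in for the <serviceAccount> element of am8-config.xml
# (same layout as the fragment quoted above; not a real file).
AM8_CONFIG_FRAGMENT = """
<serviceAccount passwordDuration="25" durationWindow="5"
                storageAttribute="serviceAccountPolicy">
    <roles>service-accountrole1,service-accountrole2</roles>
</serviceAccount>
"""

# Constructed amisam8.log excerpt in the format shown in the Issue section.
SAMPLE_LOG = """\
INFO ,~[_internal-}~Service account authentication for user: amis-service
DEBUG,~[_internal-}~registered users flag: false
WARN ,~[_internal-}~Attempt to autenticate service account. User id does not have the correct service account role.:  UserID: amis-service
"""

# Hypothetical export of user ID -> administrative roles from the Security
# Console, showing amis-service after the resolution steps have been applied.
ASSIGNED_ROLES = {"amis-service": ["service-accountrole1"]}

WARN_LINE = re.compile(r"^WARN .*correct service account role.*UserID:\s*(\S+)", re.M)


def configured_service_roles(config_xml: str) -> set:
    """Role names listed in <serviceAccount><roles> (comma separated)."""
    root = ET.fromstring(config_xml.strip())
    node = root if root.tag == "serviceAccount" else root.find("serviceAccount")
    roles = node.find("roles") if node is not None else None
    if roles is None or not roles.text:
        raise ValueError("no <serviceAccount><roles> element in config")
    return {r.strip() for r in roles.text.split(",") if r.strip()}


def users_flagged_in_log(log_text: str) -> list:
    """User IDs named in WARN lines that report the missing service account role."""
    return WARN_LINE.findall(log_text)


def check_service_account(user_id: str, assigned: dict, config_xml: str) -> tuple:
    """Mirror the AMIS check: the account must hold at least one configured role."""
    required = configured_service_roles(config_xml)
    matching = sorted(required & set(assigned.get(user_id, [])))
    if matching:
        return True, f"{user_id}: holds service account role {matching[0]}"
    return False, (f"{user_id}: none of {sorted(required)} assigned; add one via "
                   "Administrative Roles > Assign More in the Security Console")
```

Run check_service_account for every ID returned by users_flagged_in_log against a role export to confirm the fix took effect before restarting Tomcat.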
Notes
  • The service account must not be amis-bind. The amis-bind account is used only by AMIS itself for directory binding; the service account has to be a separate account.
  • Create an administrative role named either service-accountrole1 or service-accountrole2, matching one of the names listed in the <roles> element of am8-config.xml.
  • You might need to restart the Tomcat service on the AMIS machine after applying this change:
service tomcat-amis restart