IBM Support

CWWIM4538E error occurs due to non-unique config.userSecurityNameMapping property

Troubleshooting


Problem

In IBM WebSphere Portal, when attempting to locate a user entry, the following message is returned in SystemOut.log: CWWIM4538E Multiple principals were found for the 'John Doe' principal name

Symptom


The SystemOut.log contains the following:

    LTPAServerObj E SECJ0373E: Cannot create credential for the user John Doe due to failed validation of the LTPA token. The exception is java.rmi.RemoteException: null; nested exception is
        com.ibm.websphere.security.EntryNotFoundException
        at com.ibm.ws.security.registry.UserRegistryImpl.createCredential(UserRegistryImpl.java:825)
        at com.ibm.ws.security.ltpa.LTPAServerObject.validate(LTPAServerObject.java:1133)
        at com.ibm.ws.security.server.lm.ltpaLoginModule.login(ltpaLoginModule.java:599)
    ....
    Caused by: com.ibm.websphere.security.EntryNotFoundException
        at com.ibm.ws.wim.registry.util.UniqueIdBridge.getUniqueUserId(UniqueIdBridge.java:256)
        at com.ibm.ws.wim.registry.WIMUserRegistry$6.run(WIMUserRegistry.java:351)
        at com.ibm.ws.wim.security.authz.ProfileSecurityManager.runAsSuperUser(ProfileSecurityManager.java:973)
        at com.ibm.ws.wim.registry.WIMUserRegistry.getUniqueUserId(WIMUserRegistry.java:340)
        at com.ibm.ws.security.registry.UserRegistryImpl.createCredential(UserRegistryImpl.java:750)
    ... 41 more
    Caused by: com.ibm.websphere.wim.exception.EntityNotFoundException: CWWIM4538E Multiple principals were found for the 'John Doe' principal name.
        at com.ibm.ws.wim.registry.util.UniqueIdBridge.getUniqueUserId(UniqueIdBridge.java:235)

Cause

The property named by the propertyForInput and propertyForOutput values of config:userSecurityNameMapping, in the realmConfiguration section of the wimconfig.xml file, is not unique in the user registry (i.e. duplicates exist). This issue can occur during login or during any other authentication process that depends on the uniqueness of the user entry.

Resolving The Problem


1. Back up the wp_profile/config/cells/wpsbvt/wim/config/wimconfig.xml file.

2. Update wimconfig.xml so that config:userSecurityNameMapping is a unique attribute (i.e. no duplicates exist in the user registry). For example, you might change

    <config:userSecurityNameMapping propertyForInput="principalName" propertyForOutput="principalName"/>

to

    <config:userSecurityNameMapping propertyForInput="uniqueName" propertyForOutput="uniqueName"/>

3. If WebSphere Portal is clustered, synchronize the nodes.

4. Restart WebSphere Portal.
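
A check that can be run before the change in step 2, added here as an example and not IBM's code: it reads the userSecurityNameMapping properties from a wimconfig.xml and reports any value of those properties held by more than one user entry. The XML sample, the user-export format, the function names and the case-insensitive comparison are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed, trimmed stand-in for wimconfig.xml (assumed layout, not a real file).
SAMPLE_WIMCONFIG = """<sdo:datagraph xmlns:sdo="commonj.sdo"
    xmlns:config="http://www.ibm.com/websphere/wim/config">
  <config:realmConfiguration defaultRealm="exampleRealm">
    <config:realms name="exampleRealm">
      <config:userSecurityNameMapping propertyForInput="principalName"
          propertyForOutput="principalName"/>
    </config:realms>
  </config:realmConfiguration>
</sdo:datagraph>"""

# Constructed user export: one dict per registry entry (hypothetical format).
SAMPLE_USERS = [
    {"uniqueName": "uid=jdoe,ou=sales,o=example", "principalName": "John Doe"},
    {"uniqueName": "uid=jdoe2,ou=hr,o=example", "principalName": "john doe "},
    {"uniqueName": "uid=asmith,ou=hr,o=example", "principalName": "Alice Smith"},
]

def security_name_mappings(xml_text):
    """Return (realm, propertyForInput, propertyForOutput) for each mapping,
    matching on the element's local name so the namespace URI is irrelevant."""
    found = []
    for parent in ET.fromstring(xml_text).iter():
        for child in parent:
            if child.tag.rsplit("}", 1)[-1] == "userSecurityNameMapping":
                found.append((parent.get("name"), child.get("propertyForInput"),
                              child.get("propertyForOutput")))
    return found

def duplicate_values(users, prop):
    """Map each value of `prop` shared by several entries to their uniqueNames."""
    owners = defaultdict(list)
    for user in users:
        if user.get(prop) is not None:
            # Assumption: the registry compares this value case-insensitively.
            owners[user[prop].strip().lower()].append(user["uniqueName"])
    return {v: names for v, names in owners.items() if len(names) > 1}

def audit(xml_text, users):
    """For every mapped property, list the values that would be ambiguous."""
    report = {}
    for realm, prop_in, prop_out in security_name_mappings(xml_text):
        for prop in sorted({prop_in, prop_out}):
            report[(realm, prop)] = duplicate_values(users, prop)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_WIMCONFIG, SAMPLE_USERS))
```

An empty result for a property means every entry in the export has a distinct value for it, which is the condition step 2 requires of the mapped attribute.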

Product: WebSphere Portal
Component: VMM - Virtual Member Manager
Version: 6.1
Edition: Enable; Extend; Server; Express
Platform: AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS

Document Information

Modified date: 03 December 2021

UID: swg21366910