Troubleshooting
Problem
In IBM WebSphere Portal, when attempting to locate a user entry, the following message is returned in SystemOut.log: CWWIM4538E Multiple principals were found for the 'John Doe' principal name
Symptom
The SystemOut.log contains the following:
LTPAServerObj E SECJ0373E: Cannot create credential for the user John Doe due to failed validation of the LTPA token. The exception is java.rmi.RemoteException: null; nested exception is
    com.ibm.websphere.security.EntryNotFoundException
    at com.ibm.ws.security.registry.UserRegistryImpl.createCredential(UserRegistryImpl.java:825)
    at com.ibm.ws.security.ltpa.LTPAServerObject.validate(LTPAServerObject.java:1133)
    at com.ibm.ws.security.server.lm.ltpaLoginModule.login(ltpaLoginModule.java:599)
    ....
Caused by: com.ibm.websphere.security.EntryNotFoundException
    at com.ibm.ws.wim.registry.util.UniqueIdBridge.getUniqueUserId(UniqueIdBridge.java:256)
    at com.ibm.ws.wim.registry.WIMUserRegistry$6.run(WIMUserRegistry.java:351)
    at com.ibm.ws.wim.security.authz.ProfileSecurityManager.runAsSuperUser(ProfileSecurityManager.java:973)
    at com.ibm.ws.wim.registry.WIMUserRegistry.getUniqueUserId(WIMUserRegistry.java:340)
    at com.ibm.ws.security.registry.UserRegistryImpl.createCredential(UserRegistryImpl.java:750)
    ... 41 more
Caused by: com.ibm.websphere.wim.exception.EntityNotFoundException: CWWIM4538E Multiple principals were found for the 'John Doe' principal name.
    at com.ibm.ws.wim.registry.util.UniqueIdBridge.getUniqueUserId(UniqueIdBridge.java:235)
Cause
The property named by the propertyForInput and propertyForOutput values of config:userSecurityNameMapping, in the realmConfiguration section of the wimconfig.xml file, is not unique in the user registry (that is, duplicates exist). This issue can occur during login or any other authentication process that depends on the uniqueness of the user entry.
Resolving The Problem
1. Back up the wp_profile/config/cells/wpsbvt/wim/config/wimconfig.xml file.
2. Update wimconfig.xml so that config:userSecurityNameMapping is a unique attribute (i.e. no duplicates exist in the user registry). For example, you might change
   <config:userSecurityNameMapping propertyForInput="principalName" propertyForOutput="principalName"/>
   to
   <config:userSecurityNameMapping propertyForInput="uniqueName" propertyForOutput="uniqueName"/>
3. If WebSphere Portal is clustered, synchronize the nodes.
4. Restart WebSphere Portal.
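A pre-change check for step 2, added here as an example (it is not IBM's code): it reads the userSecurityNameMapping of each realm from wimconfig.xml and reports values of that property held by more than one user. The XML fragment and user records are constructed sample data; the export format (one dict per user, keyed by property name) and the case-insensitive comparison are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed wimconfig.xml fragment (sample data, not a real deployment's file).
SAMPLE_WIMCONFIG = """\
<config:configurationProvider xmlns:config="http://www.ibm.com/websphere/wim/config">
  <config:realmConfiguration defaultRealm="sampleRealm">
    <config:realms name="sampleRealm">
      <config:userSecurityNameMapping propertyForInput="principalName" propertyForOutput="principalName"/>
    </config:realms>
  </config:realmConfiguration>
</config:configurationProvider>
"""

# Constructed registry export (assumed format): one dict per user, keyed by property name.
SAMPLE_USERS = [
    {"principalName": "John Doe", "uniqueName": "uid=jdoe1,ou=sales,o=example"},
    {"principalName": "john doe", "uniqueName": "uid=jdoe2,ou=hr,o=example"},
    {"principalName": "Ann Lee", "uniqueName": "uid=alee,ou=hr,o=example"},
]


def security_name_mappings(wimconfig_xml):
    """Return {realm name: (propertyForInput, propertyForOutput)}."""
    found = {}
    # "{*}" matches any namespace (Python 3.8+), so no namespace URI is hard-coded.
    for realm in ET.fromstring(wimconfig_xml).iterfind(".//{*}realms"):
        for m in realm.findall("{*}userSecurityNameMapping"):
            found[realm.get("name")] = (m.get("propertyForInput"),
                                        m.get("propertyForOutput"))
    return found


def duplicate_values(users, prop):
    """Map each value of `prop` held by more than one user to those users."""
    # Assumption: the registry compares this attribute without regard to case,
    # so "John Doe" and "john doe" collide.
    seen = defaultdict(list)
    for user in users:
        value = user.get(prop)
        if value is not None:
            seen[value.strip().lower()].append(user)
    return {v: us for v, us in seen.items() if len(us) > 1}


if __name__ == "__main__":
    for realm, (p_in, p_out) in security_name_mappings(SAMPLE_WIMCONFIG).items():
        print(realm, p_in, duplicate_values(SAMPLE_USERS, p_in))
```

An empty result for the candidate property (here uniqueName) is the condition to confirm before editing wimconfig.xml.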
Document Information
Modified date: 03 December 2021
UID: swg21366910