The error "Multiple principals were found for the ‘xxxxxx’ principal name" is logged in the systemout.log file. The problem occurs when an LDAP user tries to log on to the IBM Case Manager or Content Navigator desktop; that is, the user ID or password is not valid for the server.
Environment:
- Case Manager 5.2.1.x / 5.3.3.x
- Content Navigator 2.0.3.x / 3.0.x
- Content Platform Engine 5.2.1.x / 5.5.x
- WebSphere Application Server 7.0.0.x / 8.5.5.x / 9.0.5.x
Problem Description in System Log File:
The following error is reported in the systemout.log file:
[11/5/21 10:48:22:834 PKT] 0000001b LTPAServerObj E SECJ0369E: Authentication failed when using LTPA. The exception is CWWIM4538E Multiple principals were found for the ‘offr_user’ principal name.
[11/5/21 10:48:22:835 PKT] 0000001b SystemOut O CIWEB Error: [offr_user(unknown) @ 192.168.10.5] [REQUEST 17820] com.ibm.ecm.struts.actions.authentication.ContainerLogonAction.doContainerLogin() CWWIM4538E Multiple principals were found for the ‘offr_user’ principal name.
[11/6/21 10:50:22:836 PKT] CIWEB Error: [offr_user(unknown) @ 192.168.10.5] [REQUEST 17820] com.ibm.ecm.struts.actions.authentication.DesktopLogonAction.executeBaseAction() Failed to authenticate desktop.
com.ibm.websphere.wim.exception.PasswordCheckFailedException: CWWIM4538E Multiple principals were found for the ‘offr_user’ principal name.
at com.ibm.ws.wim.adapter.ldap.LdapAdapter.login(LdapAdapter.java:2760)
at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:5353)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
java.lang.reflect.Method.invoke(Method.java:600)
Solution:
Follow these steps in order:
- Log on to the WAS admin console.
- Go to Security > Global Security > Federated repositories > Configure.
- Under Repository Identifier, select your repository.
- Under Additional Properties, select Federated repositories entity types to LDAP object classes mapping.
- Under Entity Type, select PersonAccount.
- For Search filter, replace the default (ObjectCategory=User) with (&(objectCategory=User)(!(CN=))).
- Click Apply and save the change.
Finally, restart the WAS JVM. Log on again through the ICM or ICN desktop with the same user logon name; you will see that the problem is resolved.
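To see which directory entries share a logon name before narrowing the search filter, the check below reads an LDIF export of the user subtree and lists every logon value held by more than one DN. It is an added example, not part of the original post or of any IBM tooling; the sample entries are constructed, and `uid` as the login attribute is an assumption.

```python
import base64
from collections import defaultdict
# Constructed sample export (not from the page); uid as login attribute is an assumption.
SAMPLE_LDIF = """\
dn: CN=Officer User,OU=Staff,DC=example,DC=test
objectCategory: User
uid: offr_user

dn: CN=offr_user,OU=Service Accounts,DC=example,
 DC=test
objectCategory: User
uid:: T0ZGUl9VU0VS

dn: CN=Other User,OU=Staff,DC=example,DC=test
objectCategory: User
uid: other_user
"""

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per entry (attribute names lower-cased)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continuation of the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entry = defaultdict(list)
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield dict(entry)
                entry = defaultdict(list)
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry[name.strip().lower()].append(value.strip())

def duplicate_principals(text, login_attr="uid"):
    """Map each login value held by more than one entry to the DNs that hold it."""
    holders = defaultdict(list)
    for entry in parse_ldif(text):
        for login in entry.get(login_attr.lower(), []):
            holders[login.lower()].extend(entry.get("dn", []))  # uid matching ignores case
    return {login: dns for login, dns in holders.items() if len(dns) > 1}

if __name__ == "__main__":
    for login, dns in duplicate_principals(SAMPLE_LDIF).items():
        print(f"{login}: {len(dns)} entries -> {dns}")
```

Pass the attribute that your repository's login property actually maps to as `login_attr`, and run the check against each repository in the realm.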
For more details, please visit: https://www.ibm.com/mysupport/s/question/0D50z00005pgjYC/getting-error-when-logging-into-portaladmin-console-cwwim4538e-multiple-principals-were-found-for-the-xxx-principal-name?language=en_US