Follow these steps to troubleshoot when the error “multiple principals were found” is displayed during login.
An exception similar to the following example occurs:
00000014 exception 1 com.ibm.ws.wim.registry.util.UniqueIdBridge getUniqueUserId
CWWIM4538E Multiple principals were found for the 'wimadmin' principal name.
00000014 exception 1 com.ibm.ws.wim.registry.util.UniqueIdBridge
getUniqueUserId com.ibm.websphere.wim.exception.EntityNotFoundException:
CWWIM4538E Multiple principals were found for the 'wimadmin' principal name.
at com.ibm.ws.wim.registry.util.UniqueIdBridge.getUniqueUserId(UniqueIdBridge.java:168)
In this example, the virtual member manager trace shows that there are two entities with the same principal name, wimadmin, which are returned by the search() API. This causes the exception to occur.
uniqueName="uid=wimadmin,o=defaultWIMFileBasedRealm"
uniqueName="CN=wimadmin,OU=US,DC=COM"
Also, in this example, the same name is assigned to primaryAdminId in the security.xml file, as shown here. This causes the “multiple principals” exception to occur during login. The following example is broken into multiple lines for illustration purposes only.
<userRegistries
xmi:type="security:WIMUserRegistry"
xmi:id="WIMUserRegistry_1"
serverId="wimadmin"
serverPassword="{xor}****************"
realm="WIMREALM"
ignoreCase="true"
useRegistryServerId="false"
primaryAdminId="wimadmin"
registryClassName="com.ibm.ws.wim.registry.WIMUserRegistry"/>
Virtual member manager does not allow you to use the same user ID more than once in a realm. For example, you cannot have the same user ID in different LDAP directories, even under different organizational structures. Hence, the user ID must be unique across the different repositories.
Consider a scenario where the primary admin user with the same name, wimadmin, exists in both a file repository and an LDAP repository. Use the WebSphere Application Server administrative console and follow these steps to remove the duplicate entry from the file repository.
Each repository now has a unique primaryAdminId.
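To find every colliding name before the next login fails, the uniqueName entries in a virtual member manager trace can be grouped by name. The following Python script is an added example, not IBM code: it assumes the principal name is the value of the leading RDN (as in the two entries above), compares names case-insensitively, and uses constructed sample input; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the two trace entries from this page plus one unique user.
SAMPLE_TRACE = '''
uniqueName="uid=wimadmin,o=defaultWIMFileBasedRealm"
uniqueName="CN=wimadmin,OU=US,DC=COM"
uniqueName="uid=operator1,o=defaultWIMFileBasedRealm"
'''
# Constructed sample: attributes taken from the security.xml fragment on this page.
SAMPLE_SECURITY_XML = 'serverId="wimadmin" ignoreCase="true" primaryAdminId="wimadmin"'

UNIQUE_NAME = re.compile(r'uniqueName="([^"]+)"')
# Leading RDN: attribute type, '=', then a value that may contain escaped commas.
LEADING_RDN = re.compile(r'\s*[^=,]+=((?:\\.|[^,\\])*)')


def leading_rdn_value(dn):
    """Return the value of the first RDN of a DN, or None if it cannot be parsed."""
    m = LEADING_RDN.match(dn)
    return m.group(1).strip() if m else None


def find_duplicate_principals(trace_text, ignore_case=True):
    """Map each name that resolves to more than one distinct uniqueName to those entries."""
    groups = defaultdict(list)
    for dn in UNIQUE_NAME.findall(trace_text):
        name = leading_rdn_value(dn)
        if name is None:
            continue
        key = name.lower() if ignore_case else name  # assumption: case-insensitive match
        if dn not in groups[key]:  # the same entry logged twice is not a collision
            groups[key].append(dn)
    return {k: v for k, v in groups.items() if len(v) > 1}


def admin_id_is_ambiguous(security_xml, trace_text):
    """True when primaryAdminId from security.xml matches more than one entity."""
    m = re.search(r'primaryAdminId="([^"]*)"', security_xml)
    return bool(m) and m.group(1).lower() in find_duplicate_principals(trace_text)


if __name__ == "__main__":
    for name, dns in find_duplicate_principals(SAMPLE_TRACE).items():
        print(f"{name}: {len(dns)} entities")
        for dn in dns:
            print(f"  {dn}")
    print("primaryAdminId ambiguous:", admin_id_is_ambiguous(SAMPLE_SECURITY_XML, SAMPLE_TRACE))
```

Any name the script reports needs to be made unique across the repositories in the realm, and a reported primaryAdminId is the case this page describes.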