>>It looks like you are using a custom JDBC realm.
>>Do you expect the realm to add a principal with name "username"?
Yes we are using a custom realm, it is not expected to add more than one principal.
But looking at the code I might have found the problem,
commitUserAuthentication() is always called (after validating password), even when isIdentityAssertion is true.
I will correct that and I will soon know if that is the problem.
VD