IBM Content Navigator, Version 2.0.3     Supports:  Content Manager, FileNet P8, OnDemand, OASIS CMIS

Logging in to a repository as a different user in a session can result in a WebSphere Application Server error

When you access multiple repositories and use more than one user name in a session, the UnauthorizedSessionRequestException error can occur. This error occurs if the security integration option is enabled in the WebSphere® Application Server session management facility.

Symptoms

For example, if you log in to a repository as user1 and then you log in to a different repository as user2, you might receive the following error:
A connection to Repository_ID cannot be established.
The WebSphere Application Server SystemOut.log server log contains the following exception:
com.ibm.websphere.servlet.session.UnauthorizedSessionRequestException

Causes

The session security integration option for WebSphere Application Server is enabled. Enabling this option causes errors when the identity that currently owns the session attempts to create or access a session that belongs to a different authenticated identity. This session security integration option is in the administrative console, when you navigate to Application servers > server1 > Web container > Session management > Security Integration.

Environment

This error occurs on servers where WebSphere Application Server is installed.

In WebSphere Application Server, Version 8.0, the session security integration option is enabled by default.

Resolving the problem

User response: Log off from your current session and log in again to access a different repository. If the error persists, contact your system administrator.

Administrator response: Determine whether a security threat is a possible cause of this error. Consider whether you need to adjust any security settings. However, be sure to follow the security requirements for your organization.