Authentication failure when users share a device

Article ID: 429620


Products

Symantec Identity Security Platform - IDSP (formerly VIP Authentication Hub)

Issue/Introduction

The authentication flow fails for certain users. The following errors are logged when the problem occurs.

org.springframework.dao.IncorrectResultSizeDataAccessException: Query did not return a unique result: 2 results were returned\n\tat org.springframework.orm.jpa.vendor.HibernateJpaDialect.convertHibernateAccessException(HibernateJpaDialect.java:305)\n\tat

API Completion Error: method=POST, api=/auth/v1/authenticate, status=500, txnId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx, clientTxnId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx, flowStateId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

The application is configured with "zeroFootPrint": true in IDSP and "trusted device" is enabled in this tenant.
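
To separate transactions hit by this defect from unrelated 500 responses, the two log signatures above can be correlated. The Python script below is an added example, not Broadcom tooling; it assumes one log event per line and that the exception is logged within a few lines before the matching completion error. The sample log and its IDs are constructed.

```python
import re

# Signatures taken from the two error lines quoted in this article.
EXC_SIG = ("IncorrectResultSizeDataAccessException: "
           "Query did not return a unique result")
COMPLETION = re.compile(r"API Completion Error: (?P<fields>.*)")
FIELD = re.compile(r"(\w+)=([^,\s]+)")  # key=value pairs, comma separated


def find_affected_transactions(lines, window=5):
    """Return parsed fields of /auth/v1/authenticate 500 errors that follow
    the non-unique-result exception by at most `window` lines (assumption
    about log layout; tune it for your deployment)."""
    hits, last_exc = [], None
    for i, line in enumerate(lines):
        if EXC_SIG in line:
            last_exc = i  # remember where the stack trace started
            continue
        m = COMPLETION.search(line)
        if not m:
            continue
        fields = dict(FIELD.findall(m.group("fields")))
        if (fields.get("api") == "/auth/v1/authenticate"
                and fields.get("status") == "500"
                and last_exc is not None and i - last_exc <= window):
            hits.append(fields)
            last_exc = None  # pair each exception with one completion line
    return hits


# Constructed sample log; transaction IDs are made up for illustration.
SAMPLE_LOG = [
    "org.springframework.dao.IncorrectResultSizeDataAccessException: "
    "Query did not return a unique result: 2 results were returned",
    "API Completion Error: method=POST, api=/auth/v1/authenticate, status=500, "
    "txnId=11111111-aaaa-4aaa-8aaa-000000000001, clientTxnId=c-1, flowStateId=f-1",
    "API Completion Error: method=POST, api=/auth/v1/authenticate, status=401, "
    "txnId=11111111-aaaa-4aaa-8aaa-000000000002, clientTxnId=c-2, flowStateId=f-2",
    # A 500 with no preceding exception has a different cause and is skipped.
    "API Completion Error: method=POST, api=/auth/v1/authenticate, status=500, "
    "txnId=11111111-aaaa-4aaa-8aaa-000000000003, clientTxnId=c-3, flowStateId=f-3",
]

if __name__ == "__main__":
    for hit in find_affected_transactions(SAMPLE_LOG):
        print(hit["txnId"], hit["flowStateId"])
```

The returned `txnId` values identify the failed authentication attempts whose users need the workaround described later in this article.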

Environment

IDSP 3.4.2

Resolution

This is a known issue documented under DE661315. A permanent fix is scheduled for the IDSP 4.0.2 release.

Steps to Reproduce
The issue occurs during specific shared device registration flows:

  1. Initial Registration: User A marks "device1" as trusted and receives tag abc.
  2. Shared Access: User B marks the same "device1" as trusted. Because the device is shared, IA Risk rotates the tag and issues a new tag, xyz.
  3. Expiration & Renewal: User B uses "device1" after the trusted status has expired. The expired device record is deleted during the flow. After completing MFA, User B re-trusts "device1" using tag xyz.
  4. The Trigger: User B uses "device1" again. IA Risk incorrectly flags the device as shared, rotates the tag again, and issues tag lmn. User B completes MFA and trusts the device.

Result: The logic error is triggered at Step 4, leading to inconsistent device states.

Workaround
To resolve this manually, you must clear the user's existing trusted devices.

  1. Retrieve all devices: Use the following API to list all devices associated with the userId:

    GET https://{{sspHost}}/{{apiPathTenant}}/admin/v1/TrustedDevices/{{userId}}

  2. Delete devices: Remove the devices one by one using the delete endpoint.

Permanent Solution
To resolve this issue permanently, please upgrade to IDSP 4.0.2 or later.