diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/GetUserAction.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/GetUserAction.java
index 34a9f5454a9bba4013601d4398d816844067b2ab..b5bb4a7ec1e9f92d838d294c4885ae0c54a4c102 100644
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/GetUserAction.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/GetUserAction.java
@@ -71,17 +71,13 @@ import ca.nrc.cadc.ac.PersonalDetails;
 import ca.nrc.cadc.ac.User;
 import ca.nrc.cadc.ac.UserNotFoundException;
 import ca.nrc.cadc.ac.server.UserPersistence;
+import org.apache.log4j.Logger;
-import java.security.AccessControlContext;
+import javax.security.auth.Subject;
 import java.security.AccessController;
 import java.security.Principal;
-import java.security.PrivilegedExceptionAction;
 import java.util.Set;
-import javax.security.auth.Subject;
-
-import org.apache.log4j.Logger;
-
 public class GetUserAction extends AbstractUserAction
 {
diff --git a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/UserServlet.java b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/UserServlet.java
index 696c125fa323c5ef62e8baf9fe10d690731948c0..99ab94ac55601c1c758d62e890afa1c8fef0ec5c 100644
--- a/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/UserServlet.java
+++ b/projects/cadcAccessControl-Server/src/ca/nrc/cadc/ac/server/web/users/UserServlet.java
@@ -68,11 +68,10 @@
 */
 package ca.nrc.cadc.ac.server.web.users;
-import java.io.IOException;
-import java.security.AccessControlContext;
-import java.security.AccessController;
-import java.security.Principal;
-import java.security.PrivilegedActionException;
+import ca.nrc.cadc.ac.server.web.SyncOutput;
+import ca.nrc.cadc.auth.AuthenticationUtil;
+import ca.nrc.cadc.util.StringUtil;
+import org.apache.log4j.Logger;
 import javax.security.auth.Subject;
 import javax.security.auth.x500.X500Principal;
@@ -81,13 +80,10 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-
-import ca.nrc.cadc.util.StringUtil;
-
-import org.apache.log4j.Logger;
-
-import ca.nrc.cadc.ac.server.web.SyncOutput;
-import ca.nrc.cadc.auth.AuthenticationUtil;
+import java.io.IOException;
+import java.security.AccessController;
+import java.security.Principal;
+import java.security.PrivilegedActionException;
 public class UserServlet extends HttpServlet
 {
@@ -95,7 +91,7 @@ public class UserServlet extends HttpServlet
 private static final long serialVersionUID = 5289130885807305288L;
 private static final Logger log = Logger.getLogger(UserServlet.class);
 private String notAugmentedX500User;
-
+
 @Override
 public void init(final ServletConfig config) throws ServletException
 {
diff --git a/projects/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java b/projects/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java
index 3e1f8e2436d388d4db19d7f27452794708a7861e..081a0cdfa23de83ad11c3c2c5abd1c24f5882c1d 100644
--- a/projects/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java
+++ b/projects/cadcAccessControl/src/ca/nrc/cadc/ac/client/UserClient.java
@@ -76,17 +76,13 @@ import java.util.Iterator;
 import java.util.Set;
 import javax.security.auth.Subject;
-import javax.security.auth.x500.X500Principal;
 import ca.nrc.cadc.ac.*;
-import ca.nrc.cadc.auth.HttpPrincipal;
 import org.apache.log4j.Logger;
 import ca.nrc.cadc.ac.xml.UserReader;
 import ca.nrc.cadc.auth.AuthenticationUtil;
-import ca.nrc.cadc.auth.CookiePrincipal;
-import ca.nrc.cadc.auth.NumericPrincipal;
 import ca.nrc.cadc.net.HttpDownload;
@@ -144,50 +140,17 @@ public class UserClient
 public void augmentSubject(Subject subject)
 {
 Principal principal = this.getPrincipal(subject);
- URL url = this.getURL(principal);
- log.debug("augmentSubject request to " + url.toString());
- ByteArrayOutputStream out = new ByteArrayOutputStream();
- HttpDownload download = new HttpDownload(url, out);
- download.run();
-
- this.handleThrowable(download);
- this.augmentSubject(subject, this.getPrincipals(out));
- }
-
- protected void augmentSubject(Subject subject, Set<Principal> principals)
- {
- if (!principals.iterator().hasNext())
- {
- String name = subject.getPrincipals().iterator().next().getName();
- String msg = "No UserIdentity in LDAP server for principal: " + name;
- throw new IllegalStateException(msg);
- }
-
- for (Principal principal : principals)
+ if (principal != null)
 {
- if (principal instanceof HttpPrincipal)
- {
- subject.getPrincipals().add((HttpPrincipal)principal);
- }
- else if (principal instanceof X500Principal)
- {
- subject.getPrincipals().add((X500Principal)principal);
- }
- else if (principal instanceof NumericPrincipal)
- {
- subject.getPrincipals().add((NumericPrincipal)principal);
- }
- else if (principal instanceof CookiePrincipal)
- {
- subject.getPrincipals().add((CookiePrincipal)principal);
- }
- else
- {
- final String msg = "Subject has unsupported principal " +
- principal.getName() +
- ", not one of (X500, Cookie, HTTP or Cadc).";
- throw new IllegalStateException(msg);
- }
+ URL url = this.getURL(principal);
+ log.debug("augmentSubject request to " + url.toString());
+ ByteArrayOutputStream out = new ByteArrayOutputStream();
+ HttpDownload download = new HttpDownload(url, out);
+ download.run();
+
+ this.handleThrowable(download);
+ subject.getPrincipals().clear();
+ subject.getPrincipals().addAll(this.getPrincipals(out));
 }
 }
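Review bot: In the new `augmentSubject`, `subject.getPrincipals().clear()` runs before `this.getPrincipals(out)` is evaluated and nothing checks that the returned set is non-empty, so a parse failure or an empty response leaves the Subject with no principals at all, where the removed overload threw `IllegalStateException`. The per-type check (Http, X500, Numeric, Cookie) is gone as well, so any `Principal` type the service response yields is now attached to the Subject; if that is intended, a comment stating that the response is trusted in full would help the next reader. I would read the principals first, reject an empty set, and only then replace the Subject's principals. Whether `getPrincipals(out)` can actually return an empty set is not visible in this hunk.

```java
            // … unchanged: URL construction and HttpDownload run …
            this.handleThrowable(download);
            // Parse before touching the Subject so a failure leaves it unchanged.
            Set<Principal> principals = this.getPrincipals(out);
            if (principals.isEmpty())
            {
                String msg = "No UserIdentity in LDAP server for principal: " + principal.getName();
                throw new IllegalStateException(msg);
            }
            subject.getPrincipals().clear();
            subject.getPrincipals().addAll(principals);
```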
@@ -198,12 +161,8 @@ public class UserClient
 if (iterator.hasNext())
 {
 Principal principal = iterator.next();
- log.debug("alinga-- UserClient.getPrincipal(): principal = " + principal);
 if (iterator.hasNext())
 {
- Principal principal1 = iterator.next();
- log.debug("alinga-- UserClient.getPrincipal(): principal1 = " + principal1);
- log.debug("alinga-- UserClient.getPrincipal(): number of principals = " + principals.size());
 // Should only have one principal
 final String msg = "Subject has more than one principal.";
 throw new IllegalArgumentException(msg);
@@ -213,8 +172,7 @@ public class UserClient
 }
 else
 {
- final String msg = "Subject has no principal.";
- throw new IllegalArgumentException(msg);
+ return null;
 }
 }
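Review bot: `getPrincipal` now returns `null` for a Subject with no principals (second hunk, the `else` branch) instead of throwing `IllegalArgumentException`, and nothing in the visible lines documents that contract. `augmentSubject` null-checks the result in this commit, but any other caller outside these hunks would now either fail later with a `NullPointerException` or quietly treat a principal-less Subject as acceptable. I would add Javadoc on the method along the lines of `@return the Subject's single principal, or null if the Subject has none` and `@throws IllegalArgumentException if the Subject has more than one principal`. The method's signature and opening lines are outside the hunk.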