diff --git a/cadc-util/build.gradle b/cadc-util/build.gradle
index 7057dd56..bca9d1f8 100644
--- a/cadc-util/build.gradle
+++ b/cadc-util/build.gradle
@@ -15,7 +15,7 @@ sourceCompatibility = 1.8
 
 group = 'org.opencadc'
 
-version = '1.12.11'
+version = '1.12.12'
 
 description = 'OpenCADC core utility library'
 def git_url = 'https://github.com/opencadc/core'
diff --git a/cadc-util/src/main/java/ca/nrc/cadc/log/WebServiceLogInfo.java b/cadc-util/src/main/java/ca/nrc/cadc/log/WebServiceLogInfo.java
index 08374b6c..d90098be 100644
--- a/cadc-util/src/main/java/ca/nrc/cadc/log/WebServiceLogInfo.java
+++ b/cadc-util/src/main/java/ca/nrc/cadc/log/WebServiceLogInfo.java
@@ -72,6 +72,7 @@
 import ca.nrc.cadc.auth.AuthMethod;
 import ca.nrc.cadc.auth.AuthenticationUtil;
 import ca.nrc.cadc.auth.HttpPrincipal;
+import ca.nrc.cadc.auth.IdentityManager;
 import ca.nrc.cadc.date.DateUtil;
 import ca.nrc.cadc.util.StringUtil;
 import java.lang.reflect.Field;
@@ -84,7 +85,6 @@
 import java.util.UUID;
 
 import javax.security.auth.Subject;
-import javax.security.auth.x500.X500Principal;
 import org.apache.log4j.Logger;
 
 /**
@@ -342,18 +342,18 @@ public void setJobID(String jobID) {
     protected String getUser(Subject subject) {
         try {
             if (subject != null) {
+                // backwards compat for cadc-specific abuse of HttpPrincipal
                 final Set<HttpPrincipal> httpPrincipals = subject.getPrincipals(HttpPrincipal.class);
                 if (!httpPrincipals.isEmpty()) {
                     HttpPrincipal principal = httpPrincipals.iterator().next();
-                    this.proxyUser = principal.getProxyUser();
-                    return principal.getName();
-                }
-
-                final Set<X500Principal> x500Principals = subject.getPrincipals(X500Principal.class);
-                if (!x500Principals.isEmpty()) {
-                    X500Principal principal = x500Principals.iterator().next();
-                    return principal.getName();
+                    if (principal.getProxyUser() != null) {
+                        this.proxyUser = principal.getProxyUser(); // side effect
+                        return principal.getName();
+                    }
                 }
+                // defer to configured IM
+                IdentityManager im = AuthenticationUtil.getIdentityManager();
+                return im.toDisplayString(subject);
             }
         } catch (Throwable t) {
             // ignore - can't throw exceptions here