diff --git a/source/java/org/alfresco/web/app/servlet/DefaultRemoteUserMapper.java b/source/java/org/alfresco/web/app/servlet/DefaultRemoteUserMapper.java
index c50f82298f..481400a4d5 100644
--- a/source/java/org/alfresco/web/app/servlet/DefaultRemoteUserMapper.java
+++ b/source/java/org/alfresco/web/app/servlet/DefaultRemoteUserMapper.java
@@ -207,6 +207,10 @@ public class DefaultRemoteUserMapper implements RemoteUserMapper, ActivateableBe
 {
 userId = matcher.group(1).trim();
 }
+ else
+ {
+ return null;
+ }
 }
 return userId.length() == 0 ? null : userId;
 }
diff --git a/source/java/org/alfresco/web/app/servlet/DefaultRemoteUserMapperTest.java b/source/java/org/alfresco/web/app/servlet/DefaultRemoteUserMapperTest.java
index cb2d0261ca..efea132636 100644
--- a/source/java/org/alfresco/web/app/servlet/DefaultRemoteUserMapperTest.java
+++ b/source/java/org/alfresco/web/app/servlet/DefaultRemoteUserMapperTest.java
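Review bot: The new `else` branch in DefaultRemoteUserMapper.java rejects a non-matching header without recording why, and the reason is security-relevant: before this change the unmatched header value appears to have fallen through to the final `return` and been used as the user ID. I would add a comment on the branch, e.g. `// Header does not match userIdPattern: treat the request as unauthenticated instead of trusting the raw header value`. A debug-level log line at the same spot would help operators notice rejected headers, assuming the class has a logger (not visible in this hunk). The matcher call and the start of the method are outside the hunk, so whether the pattern is applied as a full match or a partial one cannot be confirmed from these lines.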
@@ -100,26 +100,30 @@ public class DefaultRemoteUserMapperTest extends AbstractChainedSubsystemTest // Set the proxy user name childApplicationContextFactory.stop(); childApplicationContextFactory.setProperty("external.authentication.proxyUserName", "bob"); - + // Mock a request with both a user and a header HttpServletRequest mockRequest = mock(HttpServletRequest.class); when(mockRequest.getRemoteUser()).thenReturn("bob"); when(mockRequest.getHeader("X-Alfresco-Remote-User")).thenReturn("AdMiN"); assertEquals("admin", ((RemoteUserMapper) childApplicationContextFactory.getApplicationContext().getBean( "remoteUserMapper")).getRemoteUser(mockRequest)); - + // Now try header pattern matching childApplicationContextFactory.stop(); childApplicationContextFactory.setProperty("external.authentication.userIdPattern", "abc-(.*)-999"); when(mockRequest.getHeader("X-Alfresco-Remote-User")).thenReturn("abc-AdMiN-999"); assertEquals("admin", ((RemoteUserMapper) childApplicationContextFactory.getApplicationContext().getBean( - "remoteUserMapper")).getRemoteUser(mockRequest)); - + "remoteUserMapper")).getRemoteUser(mockRequest)); + + // Try a request with an invalid match + when(mockRequest.getHeader("X-Alfresco-Remote-User")).thenReturn("abc-AdMiN-998"); + assertNull(((RemoteUserMapper) childApplicationContextFactory.getApplicationContext().getBean( + "remoteUserMapper")).getRemoteUser(mockRequest)); + // Try a request without the remote user when(mockRequest.getRemoteUser()).thenReturn(null); assertNull(((RemoteUserMapper) childApplicationContextFactory.getApplicationContext().getBean( - "remoteUserMapper")).getRemoteUser(mockRequest)); - + "remoteUserMapper")).getRemoteUser(mockRequest)); } }
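Review bot: The added negative case only covers a header that fails the pattern outright (`abc-AdMiN-998`); it does not pin down what happens when the header contains a matching portion plus extra leading or trailing characters. Since the matcher call in DefaultRemoteUserMapper is outside the visible hunks, a second case such as `when(mockRequest.getHeader("X-Alfresco-Remote-User")).thenReturn("x-abc-AdMiN-999-y");` followed by the same `assertNull(...)` would document whether the whole header must match the configured pattern. The hunk also mixes whitespace-only changes with the new test, which makes the functional addition harder to spot in review.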