SAML SSO - User already exist using windows account name - Mendix Forum


Hi,

In our SAML implementation we wish to use the SAML claim “windows accountname” as the Mendix attribute “Name”. When we configure the SAML IdP provisioning as such, we get an error message notifying us that, due to the Name element, the user already exists. The first login works fine; a second login generates the error message. To resolve the problem I have to remove the user account.

Is this a known problem?

Is it possible to resolve this by changing the SAML model, or can we for instance define a new Mendix attribute in the IdP Provisioning list so we can extract the value that way?

Any suggestions?

Thanks in advance

asked
2 answers

We also had the same issue, with this error:

“ERROR - SAML_SSO: (63/63) Caused by: com.mendix.systemwideinterfaces.core.UserException: Object id: 30680772461474148, validation errors: (member: Name, message: De gebruikersnaam is al in gebruik.)”.

(This error in English: “Username already in use”.)

We resolved this issue (also) by editing the “Just in time provisioning” items, as these settings caused a conflict on the next login after the auto account creation by the SAML module. The conflict was caused because it tried to update the account by provisioning a username that already existed on another account. This triggers a validation check on the User entity (“Username already exists/already in use”) and prevented the next login.

answered

I have multiple setups with this scenario so there must be something else wrong here. Have you configured creating new users? Because it looks like it now tries to create a new account on the Mendix side. So double check your user provisioning.

Regards,

Ronald

answered