Contrib.social

Module is auto-creating users prefixed with "simplesamlphp_auth_"

Open on Drupal.org →
Created on 13 March 2023, over 1 year ago
Updated 24 January 2024, 5 months ago

Hello,
I've just noticed an odd issue and hope someone can help shed some light on this. I've gotten several auto-created users in my system whose username is prefixed with simplesamlphp_auth_. So, for example. a user "johndoe" authenticates with SAML just fine, isn't in the Drupal database yet, but an account is created with username simplesamlphp_auth_johndoe instead of just "johndoe." Then the system will report an error:
Drupal\externalauth\Exception\ExternalAuthRegisterException: User could not be registered. There is already an account with username "simplesamlphp_auth_johndoe" in Drupal\externalauth\ExternalAuth->register() (line 115 of .../modules/contrib/externalauth/src/ExternalAuth.php).

It's frustrating because most of the time the system works correctly. I've had hundreds of auto-created users that have the correct username upon creation. Any ideas on how to troubleshoot this?

Some details:
simplesamlphp 1.19.7
php 8.1.14
Drupal 9.5.3
External Auth 8.x-1.4

Thanks--

💬 Support request
Status

Active

Version

3.3

Component

Miscellaneous

Created by

🇺🇸United States dmudie

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

  • Issue created by @dmudie
  • Comment over 1 year ago →
    🇺🇸United States dmudie

    I wonder if this is somehow related to: https://www.drupal.org/project/externalauth/issues/2910506 →

    I just had composer update External Auth to v 2.0.3. My system never complained that 8.x-1.4 was out of date but it appears that the version 2.x is more recently updated so I'm going to use that instead.

  • Comment over 1 year ago →
    🇺🇸United States dmudie

    Note that updates to externalauth did not fix the issue. I have had 3 users auto-generated today. 2 were correctly saved as "username". One was incorrectly saved as "simplesamlphp_auth_username."
    Current details:
    simplesamlphp (library) 1.19.8
    php 8.1.14
    Drupal 9.5.4
    External Auth 2.0.3
    SimpleSAMLphp Authentication (module) 8.x-3.3

    Any ideas? thanks.

  • Comment over 1 year ago →
    🇺🇸United States rex.barkdoll

    Quick sanity check for you all, are there existing users on the site that already match the username/email/unique identifier of the account being provisioned?

    I'm noticing this tends to happen when there's an existing user and the system can't understand that it needs to match the incoming user with the existing account.

    I have one site where incoming users get matched properly and one site where they don't and this prefix thing happens. I thought checking "Automatically enable SAML authentication for existing users upon successful login" was supposed to fix this, but I'm not sure.

  • Comment over 1 year ago →
    🇺🇸United States dmudie

    None of the newly provisioned "bad" accounts match an existing account (username or email address) so I haven't had the same experience. I had wondered something similar early on and searched for existing data in the users_field_data table.

  • Comment over 1 year ago →
    🇺🇸United States dmudie

    Follow-up and resolution. Our hook_entity_insert from our custom module is causing an error in some cases and messing up the entity (in this case a new user). I say "some cases" because in our case we have a pool of servers that were not set up correctly. Namely, some recently added servers did not have access to an Oracle server that we hit at user creation time. When I take the entity_insert out of the equation, accounts are formed as normal. Interesting that an account is still created when hook_entity_insert encounters an error.

  • Comment 5 months ago →
    🇫🇮Finland jhuhta

    I'm seeing exactly the same problem too. It seems some users are randomly getting the simplesamlphp_auth_ prefix to their username - and also the User entity fields and roles are not set, while some other users get provisioned normally as before. There's no visible common denominator in these cases.

    There's no custom hook_entity_insert that could be messing with this in my case though.

  • Comment 5 months ago →
    🇺🇸United States dmudie

    @jhuhta. Bummer. Any contrib modules thats might act on a user_insert? How about a hook_entity_create? Is the drupal log showing anything?

  • Comment 5 months ago →
    🇫🇮Finland jhuhta

    It seems that the attribute set as mail_attr is not always populated in the data, which I didn't know. A log entry, which I didn't immediately notice, states that clearly:

    Drupal\simplesamlphp_auth\Exception\SimplesamlphpAttributeException: Error in simplesamlphp_auth.module: no valid "urn:oid:0.9.2342.19200300.100.1.3" attribute set

    I'm assuming that this exception caused the user provisioning to fail in the middle of the process. Disabling the email syncing in the configuration should fix the problem, as we have anyway some custom attribute syncing code in place that can handle this - and tolerate better missing data.

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024