- Issue created by @fkohrt
- 🇳🇱Netherlands roderik Amsterdam,NL / Budapest,HU
The "DB error: already exists" suggests that it is being generated while saving a new user. But that's just a guess, it could be anything.
This error is thrown during SAML authentication, but past experience suggests it is likely not thrown by the SAML authentication module.
Your problem is that the error doesn't give enough information. "already exists" doesn't say much
Line 816 in SqlContentEntityStorage.php suggests that the "user" in your message is actually the entity type. So it seems like "it" is trying to save the same new user twice.
Now, the question is: what is "it"? I think it's not the samlauth module because that's quite careful to save the user only once.
Do you maybe have an event subscriber for the SamlauthEvents::USER_SYNC event, that saves the user? (It shouldn't - it should wait until samlauth saves the user.)
- Status changed to Closed: works as designed
6 months ago 4:25pm 19 June 2024 Thanks, your comment led me on the right track! With the help of the people at CiviCRM's issue tracker I identified the root cause to be a centralized change of user's email addresses that we performed earlier (months ago, but as only one user was affected, I didn't make the immediate connection).
- Status changed to Needs work
6 months ago 4:43pm 19 June 2024 - 🇳🇱Netherlands roderik Amsterdam,NL / Budapest,HU
Thanks for the report!
But that means I was wrong / I presumed too much. You have no custom code, and you're still getting this non-descriptive error. Sure you should 'just' be getting an error, but it shouldn't be non-descriptive.
Per the CiviCRM issue tracker:
On the failing site we had changed the users' email addresses (on the side of the IdP), and the email address for the failing user was already in use by another CiviCRM contact. I changed the email address from the other contact so the user can now successfully authenticate.
the SAMLAuth code should give some error when the e-mail already exists, because we are sure the new/other-user-save will fail. It is doing this for a clashing name, but not for a clashing e-mail (I believe, from a quick read).
That should be fixed sometime. With unit tests, because this piece of code is trying to take care of too many situations at once. Linking another bug in the same code, and changing status.
Well, you definitively helped me finding the cause :)
If it's of any further interest I shared the full backtrace in the CiviCRM issue #5302 linked above.