- Issue created by @fkohrt
- 🇳🇱Netherlands roderik Amsterdam,NL / Budapest,HU
The "DB error: already exists" suggests that it is being generated while saving a new user. But that's just a guess, it could be anything.
This error is thrown during SAML authentication, but past experience suggests it is likely not thrown by the SAML authentication module.
Your problem is that the error doesn't give enough information. "already exists" doesn't say much
Line 816 in SqlContentEntityStorage.php suggests that the "user" in your message is actually the entity type. So it seems like "it" is trying to save the same new user twice.
Now, the question is: what is "it"? I think it's not the samlauth module because that's quite careful to save the user only once.
Do you maybe have an event subscriber for the SamlauthEvents::USER_SYNC event, that saves the user? (It shouldn't - it should wait until samlauth saves the user.)
- Status changed to Closed: works as designed
7 months ago 4:25pm 19 June 2024 Thanks, your comment led me on the right track! With the help of the people at CiviCRM's issue tracker I identified the root cause to be a centralized change of user's email addresses that we performed earlier (months ago, but as only one user was affected, I didn't make the immediate connection).
- Status changed to Needs work
7 months ago 4:43pm 19 June 2024 - 🇳🇱Netherlands roderik Amsterdam,NL / Budapest,HU
Thanks for the report!
But that means I was wrong / I presumed too much. You have no custom code, and you're still getting this non-descriptive error. Sure you should 'just' be getting an error, but it shouldn't be non-descriptive.
Per the CiviCRM issue tracker:
On the failing site we had changed the users' email addresses (on the side of the IdP), and the email address for the failing user was already in use by another CiviCRM contact. I changed the email address from the other contact so the user can now successfully authenticate.
the SAMLAuth code should give some error when the e-mail already exists, because we are sure the new/other-user-save will fail. It is doing this for a clashing name, but not for a clashing e-mail (I believe, from a quick read).
That should be fixed sometime. With unit tests, because this piece of code is trying to take care of too many situations at once. Linking another bug in the same code, and changing status.
Well, you definitively helped me finding the cause :)
If it's of any further interest I shared the full backtrace in the CiviCRM issue #5302 linked above.
- Status changed to Active
28 days ago 2:18pm 30 December 2024 - 🇳🇱Netherlands roderik Amsterdam,NL / Budapest,HU
I've created the unit tests now, which can serve as a kind of reminder/reference on how the login/user-save procedure works.
This reminded me that in 'plain' Drupal Core, the email address is actually not unique. Logging in a second user that saves that user with the same e-mail address, is (in some circumstances) possible.
I'm not 100% sure, but the database error seems specific to CiviCRM to me.
Now... I can imagine that someone wants to mark email (or any other mapped field for that matter, e.g. an employee number) as "unique", so the samlauth module always throws an error instead of trying to save the second user. Until now, this is only done for the username field (which is truly unique on a database level).
That would be a valid feature request and I'll keep the issue open for other people to stumble across / comment on. But I'm not planning to work on it myself.