Problem
When using SAML for authentication in Terraform Enterprise (TFE), you may encounter an error if a user's email address is too long. TFE enforces a 40-character limit on usernames, and the default SAML configuration automatically assigns the user's email as their username.
This results in the following error message:
An error occurred. Please contact your TFE Administrator for further information. ERROR: Validation failed: Username cannot have more than 40 characters
Prerequisites
- Administrative SSH access to the Terraform Enterprise instance with sudo privileges.
Cause
This error occurs because the SAML single sign-on (SSO) process attempts to create a TFE username from the user's email address, which exceeds the 40-character limit imposed by the application.
Solution
To resolve this issue, you can manually create the user account with a shorter username through the TFE Rails console.
- Connect to the TFE instance via SSH and access the Rails console by following the steps in the How To Access the Terraform Enterprise Rails Console guide.
- Execute the following commands in the Rails console to create, confirm, and save the new user. Replace the placeholder values with the user's actual information.

```ruby
## Replace placeholders with the user's information.
## <email@email.com>: The user's full email address.
## <customusername>: A new username under 40 characters.
## <Password123>: A temporary password.

## Create the user object.
u = User.create!(email: "email@email.com", username: "customusername", password: "Password123", is_admin: false)

## Confirm the user's account.
u.confirm

## Save the changes to the database.
u.save
```
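To find affected users before they hit the error, the following added example (not HashiCorp code, and run outside TFE as plain Ruby) audits a list of email addresses against the 40-character limit and proposes a short username for each one that would be rejected. The naming convention (local part of the email, truncated, with a numeric suffix on collision), the case-insensitive collision check, and the sample addresses are assumptions; the script does not check which characters TFE accepts in a username.

```ruby
# Added example, not HashiCorp code. The 40-character limit comes from the
# error message on this page; the naming convention is an assumption.
USERNAME_LIMIT = 40

# Hypothetical convention: start from the local part of the email, truncate
# it to the limit, and append "-2", "-3", ... while the name is already taken
# (compared case-insensitively). The result never exceeds USERNAME_LIMIT.
def candidate_username(email, taken)
  base = email.split("@", 2).first.to_s[0, USERNAME_LIMIT]
  candidate = base
  n = 1
  while taken.include?(candidate.downcase)
    suffix = "-#{n += 1}"
    candidate = base[0, USERNAME_LIMIT - suffix.length] + suffix
  end
  taken << candidate.downcase
  candidate
end

# Returns one row per email that is too long to serve as a username,
# together with a proposed replacement username.
def audit(emails, existing_usernames = [])
  taken = existing_usernames.map(&:downcase)
  emails.select { |e| e.length > USERNAME_LIMIT }.map do |email|
    { email: email, length: email.length,
      username: candidate_username(email, taken) }
  end
end

# Constructed sample data: one short address and two long ones that share
# the same local part.
SAMPLE_EMAILS = [
  "alice@example.com",
  "bartholomew.fitzgerald-montgomery@engineering.example.com",
  "bartholomew.fitzgerald-montgomery@contractors.example.org",
]

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE_EMAILS).each { |row| puts row.values.join("\t") }
end
```

Pass the usernames that already exist in TFE as the second argument to `audit` so that proposed names do not collide with them.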
Outcome
After you manually create the user account, the user can log in successfully using SAML SSO. The existing SAML identity will link to the newly created TFE user account.