Problem
When a user attempts to log into Terraform Enterprise (TFE) using SAML authentication, they are redirected to an error page with the following message:
An error occurred. Please contact your TFE Administrator for further information. ERROR: Validation failed: Username has already been taken
Prerequisites
- This error occurs in a Terraform Enterprise environment with SAML single sign-on (SSO) enabled.
Cause
This issue occurs when a SAML Identity Provider (IdP) is misconfigured and sends the same username attribute value for two or more distinct users. By default, Terraform Enterprise uses the Username attribute from the SAML response to generate the TFE username. If this attribute value is not unique for each user, TFE rejects the login attempt for the second user to prevent a username collision.
Solution
To resolve this issue, you must reconfigure your SAML Identity Provider (IdP) to ensure it sends a unique username attribute for each distinct user.
The mechanism for determining the username is a setting within your IdP, not within Terraform Enterprise. You should define a username determination mechanism that does not result in collisions, such as using an email address or a unique employee ID.
For specific instructions, consult your IdP's documentation.
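Before changing the IdP mapping, it helps to confirm which attribute actually collides. The following is an added example, not HashiCorp's code or part of this article: it parses a set of constructed SAML assertions (sample data, not real IdP output) and reports any value of a chosen attribute that is shared by more than one subject. Run against the default Username attribute it reproduces the collision described above; run against the email attribute it shows a mapping that would be unique per user. The attribute names Username and email, and the example.com subjects, are assumptions for the sample.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}  # SAML 2.0 assertion namespace


def build_assertion(name_id, username, email):
    """Build a constructed, minimal SAML assertion (sample data, not real IdP output)."""
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="Username"><saml:AttributeValue>{username}</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>{email}</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


# Constructed sample: two distinct users whose IdP mapping emits the same Username value.
SAMPLE_ASSERTIONS = [
    build_assertion("alice@example.com", "employee", "alice@example.com"),
    build_assertion("bob@example.com", "employee", "bob@example.com"),
    build_assertion("carol@example.com", "carol", "carol@example.com"),
]


def attribute_values(assertion_xml, name):
    """Return every AttributeValue carried by the SAML attribute called `name`."""
    root = ET.fromstring(assertion_xml)
    return [
        (value.text or "").strip()
        for attr in root.iter(f"{{{NS['saml']}}}Attribute")
        if attr.get("Name") == name
        for value in attr.findall("saml:AttributeValue", NS)
    ]


def find_collisions(assertions, attribute="Username"):
    """Map each value of `attribute` to the subjects carrying it; keep only values shared by 2+ subjects."""
    subjects = defaultdict(list)
    for assertion_xml in assertions:
        root = ET.fromstring(assertion_xml)
        name_id = root.findtext(".//saml:Subject/saml:NameID", default="<no NameID>", namespaces=NS)
        for value in attribute_values(assertion_xml, attribute):
            subjects[value].append(name_id)
    return {value: ids for value, ids in subjects.items() if len(ids) > 1}


if __name__ == "__main__":
    for attr in ("Username", "email"):
        clashes = find_collisions(SAMPLE_ASSERTIONS, attr)
        print(f"{attr}: {'unique per subject' if not clashes else clashes}")
```

To audit a real deployment, replace SAMPLE_ASSERTIONS with decoded SAMLResponse assertions captured during test logins for the affected users, and use the attribute name configured in the TFE SAML settings if it differs from Username.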
Additional Information
- For guidance on configuring your SAML Identity Provider, refer to the Terraform Enterprise IdP configuration documentation.
- For general SAML settings, see the Terraform Enterprise SAML configuration documentation.