Introduction
Problem
When a user tries to log into TFE using SAML authentication, they are redirected to an error page stating:
An error occurred. Please contact your TFE Administrator for further information.
ERROR: Validation failed: Username has already been taken
Prerequisites
- This error will only occur in a Terraform Enterprise environment with SAML single sign-on (SSO) enabled.
Cause
This issue was seen in an environment where two distinct users with the same name tried to log in to TFE. Because of an identity provider misconfiguration, the SAML provider derived the username attribute from that shared name and sent the SAME username value for both users. TFE requires usernames to be unique, so the second user's login failed with the validation error above instead of creating a second account.
Solution
The SAML provider's attribute mapping needs to be reconfigured. Terraform Enterprise takes the TFE username of a SAML user from the assertion attribute named by its Username Attribute Name setting, which defaults to Username. TFE does not generate or disambiguate that value: whatever the identity provider sends is used as-is, and it must be unique across all TFE users.
In short, how the username is determined is a setting of the identity provider, not of the Terraform application. Configure the identity provider to populate the username attribute from a value that is unique per user (for example the user's email address or user principal name) rather than from a display name that several users may share, so that two distinct users can never collide on the same TFE username.
More information on the configuration steps can be found in the Terraform Enterprise SAML documentation and on the identity provider vendor's documentation website.
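The following check is an added example and is not HashiCorp code or part of the original article. It parses a handful of SAML assertions (constructed inline, not captured from a real identity provider) and reports any value of the configured username attribute that is carried by more than one distinct subject, which is exactly the condition that produces the "Username has already been taken" error. The attribute name "Username" matches TFE's default; the alternative attribute "email" and the subject NameID values are assumptions for the illustration. Running the same check against "email" shows how mapping the username to a unique attribute removes the collision.

```python
"""Detect SAML username-attribute collisions before they reach TFE.

Added example, not HashiCorp or Terraform Enterprise code. Assertions below are
constructed for illustration; the "email" attribute and NameID values are assumed.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def attribute_values(assertion_xml, attr_name):
    """Return every AttributeValue of the attribute named attr_name."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == attr_name:
            for v in attr.iterfind("saml:AttributeValue", NS):
                values.append((v.text or "").strip())
    return values


def subject_name_id(assertion_xml):
    """Return the assertion's Subject NameID (the IdP's identity for the user)."""
    root = ET.fromstring(assertion_xml)
    node = root.find(".//saml:Subject/saml:NameID", NS)
    return (node.text or "").strip() if node is not None else ""


def find_collisions(assertions, attr_name="Username"):
    """Map each username value to the distinct subjects that carry it and
    return only the values claimed by more than one subject."""
    owners = defaultdict(set)
    for xml in assertions:
        subject = subject_name_id(xml)
        for value in attribute_values(xml, attr_name):
            owners[value].add(subject)
    return {value: sorted(subs) for value, subs in owners.items() if len(subs) > 1}


def make_assertion(name_id, attrs):
    """Build a minimal SAML 2.0 assertion (constructed sample, unsigned)."""
    attr_xml = "".join(
        f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}'
        f"</saml:AttributeValue></saml:Attribute>"
        for name, value in attrs.items()
    )
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}" ID="_sample" Version="2.0">'
        f"<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>"
        f"<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>"
        f"</saml:Assertion>"
    )


# Constructed sample: the IdP builds Username from first initial + surname, so two
# different people (distinct NameIDs, distinct emails) get the same Username.
SAMPLE_ASSERTIONS = [
    make_assertion("urn:idp:user:1001", {"Username": "jsmith", "email": "john.smith@example.com"}),
    make_assertion("urn:idp:user:1002", {"Username": "jsmith", "email": "jane.smith@example.com"}),
    make_assertion("urn:idp:user:1003", {"Username": "alee", "email": "anna.lee@example.com"}),
]

if __name__ == "__main__":
    # Default TFE mapping collides; a unique attribute does not.
    print("Collisions on Username:", find_collisions(SAMPLE_ASSERTIONS, "Username"))
    print("Collisions on email:", find_collisions(SAMPLE_ASSERTIONS, "email"))
```

Point the script at assertions exported from the identity provider (or captured from a browser SAML tracer) for the affected users, using whatever attribute name the TFE Username Attribute Name setting holds; a non-empty result identifies the subjects that need the mapping fixed on the identity provider side.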