Problem
When a user tries to log into TFE using SAML authentication, they are redirected to an error page stating:
An error occurred. Please contact your TFE Administrator for further information.
ERROR: Validation failed: Username has already been taken
Prerequisites
This error only occurs on an SSO-enabled Terraform instance; this includes Terraform Cloud for Business organizations.
Cause
The root cause is that the email domain was changed on the IdP side. For example, users exist in Terraform under the "example.com" email domain, and the domain in the IdP is then changed to "example.net". This creates a mismatch between the email address Terraform expects for the user and the email address sent in the SAML response.
Solution
This issue is resolved by connecting to the Rails console and running the following commands:
user = User.find_by(username: "<user_name>")   # load the existing account by its username
user.email = '<new_email>'                      # set the email address the IdP now sends
user.save                                       # returns false if validation fails; inspect user.errors.full_messages
user = User.find_by(username: "<user_name>")   # reload to confirm the change persisted
If these commands fail with a similar error about an existing user, run the following command to locate the duplicate record that was created for the user's email address (the one the IdP now sends) but has no username:
user = User.find_by(email: "<user_name>@<email_domain>")   # the orphaned record; confirm user.username is nil before destroying it
Once identified, run the following command to destroy that record, then re-run the original commands to apply the change.
user.destroy!
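The following is an added stand-alone Ruby model of the collision and of the console procedure above; it is not from the HashiCorp article and does not use Rails or ActiveRecord. UserStore, saml_login and remediate_email_change are assumptions that stand in for TFE's User model, its uniqueness validations and SAML just-in-time provisioning, and the sample accounts are constructed. It shows how the half-provisioned, username-less row comes to exist, why the first save of the corrected email fails, and the guard a practitioner wants before destroy!: only remove a row that has no username and is not the account being repaired.

```ruby
class ValidationError < StandardError; end

# A user row; username is nil for a half-provisioned SAML record.
User = Struct.new(:id, :username, :email)

# In-memory stand-in (assumption) for the users table with the two uniqueness
# rules that matter here: username (when present) and email must be unique.
class UserStore
  def initialize
    @rows = {}
    @next_id = 1
  end

  def count
    @rows.size
  end

  # Returns a copy, like a fresh ActiveRecord query, so unsaved edits on the
  # caller's object never leak into the "database".
  def find_by(username: nil, email: nil)
    row = @rows.values.find do |u|
      (username.nil? || u.username == username) &&
        (email.nil? || u.email == email)
    end
    row && row.dup
  end

  def create!(username:, email:)
    user = User.new(@next_id, username, email)
    save!(user)
    @next_id += 1
    user
  end

  # Validates against persisted rows, then persists; raises on failure.
  def save!(user)
    @rows.values.each do |other|
      next if other.id == user.id
      if user.username && other.username == user.username
        raise ValidationError, 'Validation failed: Username has already been taken'
      end
      if other.email == user.email
        raise ValidationError, 'Validation failed: Email has already been taken'
      end
    end
    @rows[user.id] = user.dup
    user
  end

  def destroy!(user)
    @rows.delete(user.id) || raise(ArgumentError, "no row with id #{user.id}")
  end
end

# Assumed provisioning flow keyed on the email the IdP sends: with no user on
# that email, an email-only row is created first and the username attached
# afterwards. When the old-domain account still owns the username, the second
# step fails and the email-only row is left behind as the orphan.
def saml_login(store, username:, email:)
  existing = store.find_by(email: email)
  return existing if existing
  pending = store.create!(username: nil, email: email)
  pending.username = username
  store.save!(pending) # raises ValidationError when the username is taken
end

# The console procedure from the article, with the destroy! guard.
def remediate_email_change(store, username:, new_email:)
  user = store.find_by(username: username)
  raise ArgumentError, "no user #{username}" unless user
  user.email = new_email
  begin
    store.save!(user)
  rescue ValidationError
    orphan = store.find_by(email: new_email)
    unless orphan && orphan.id != user.id && orphan.username.nil?
      raise "refusing to destroy: #{new_email} belongs to a real account"
    end
    store.destroy!(orphan)
    store.save!(user)
  end
  store.find_by(username: username)
end

# Constructed scenario: old-domain account, domain change at the IdP, a failed
# login that leaves the orphan behind, then the cleanup.
def run_scenario
  store = UserStore.new
  store.create!(username: 'alice', email: 'alice@example.com')
  login_error = nil
  begin
    saml_login(store, username: 'alice', email: 'alice@example.net')
  rescue ValidationError => e
    login_error = e.message
  end
  orphan_present = !store.find_by(email: 'alice@example.net').nil?
  repaired = remediate_email_change(store, username: 'alice', new_email: 'alice@example.net')
  { login_error: login_error, orphan_before_fix: orphan_present,
    email_after_fix: repaired.email, rows_after_fix: store.count }
end

p run_scenario if $PROGRAM_NAME == __FILE__
```

The guard is the point of the example: `User.find_by(email: ...)` returns whichever row carries that address, and if the address already belongs to a fully provisioned account (a different username) the console procedure would otherwise delete a real user. Checking that the row has no username before calling destroy! keeps the cleanup limited to the orphan.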
Additional Information
If the steps above do not resolve the issue, please open a support ticket with HashiCorp Support.