Open stefaniefgray opened 1 year ago
This may be connected to #8774
See original ticket: https://va-gov.atlassian.net/browse/VAHELP-5184
User has still not confirmed whether or not she could log in; last login was when I had tested logging in as user using Developer Login
Otherwise unsure what to do with ticket in the meantime
Could this possibly be solved with #14595 ?
I can take a look at our custom code and the simplesaml code to see if something jumps out at me, but this is almost impossible to test in our current system and until that changes, it's impossible to verify a solution 🤷🏻♂️
Happening again in https://va-gov.atlassian.net/browse/VAHELP-6320
This is still happening in https://va-gov.atlassian.net/browse/VAHELP-6468
Any thoughts @ndouglas or @edmund-dunn ?
Nope, no thoughts. This is going to require a significant amount of time to debug IMHO. I know it's terrible and I'd love to fix it. I don't have any idea what's causing it and, unfortunately, I don't know how to even experiment in this environment.
SimpleSAML Login Trouble
Background information:
Very rarely (every 8 months or so), there will be a user who is completely blocked from logging into https://prod.cms.va.gov/ using their PIV card — and the issue isn’t their PIV card.
As shown in the below screenshot, a search on the "People" page for the email address of a user encountering this error pulled two accounts: Their actual account, and a duplicate “simpleSAML” account also listed under their email address.
At this time, our team does not know what causes this bug, or why this occasionally happens to a particular user out of the blue.
If an administrator deletes the
simplesamlphp_auth_709454
account and the user attempts to log in once more, a new account is created with the exact samesimplesamlphp_auth_709454
username.As of 2/8/2023, the current protocol is to delete the duplicate simpleSAML account, and then write to the user asking them to use the "Developer log in" button with a temporary password.
To reproduce:
Error synchronizing username: an account with this username already exists.
simplesamlphp_auth_123456
account listed alongside the user's actual account.AC / Expected behavior
Any users who have experienced this bug will be able to log back into their existing VA.gov user account without further trouble.
Screenshots
From the "People" page:
Submitted by the user:
Additional context
Relevant Slack thread: https://dsva.slack.com/archives/CT4GZBM8F/p1674765872347519
Desktop (please complete the following information if relevant, or delete)
Labels
(You can delete this section once it's complete)
Team
Please check the team(s) that will do this work.
CMS Team
Public Websites
Facilities
User support