goauthentik / authentik

The authentication glue you need.
https://goauthentik.io

Exception when signing in with SAML login #11960

Open 4d62 opened 9 hours ago

4d62 commented 9 hours ago

Describe the bug

When attempting to log in using a SAML provider configured in the "Federation and Social Login" section of the authentik admin interface, an exception appears in the logs. This occurs right after the user is authenticated and redirected from the SAML provider back to authentik.

To Reproduce

Steps to reproduce the behavior:

  1. Navigate to the admin interface, click Directory then Federation and Social login
  2. Set up a 'SAML source' provider
  3. Visit your authentication flow and update the identification stage to add the icon to the login page
  4. Log out and attempt to log back in

Expected behavior

The user is logged in correctly / the enrollment flow pops up or an error which is not a stack trace appears.

Logs

Stacktrace from authentik

```
Traceback (most recent call last):
  File "/authentik/flows/views/executor.py", line 286, in get
    stage_response = self.current_stage_view.dispatch(request)
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/authentik/stages/user_write/stage.py", line 182, in dispatch
    user.save()
  File "/ak-root/venv/lib/python3.12/site-packages/django/contrib/auth/base_user.py", line 78, in save
    super().save(*args, **kwargs)
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/models/base.py", line 822, in save
    self.save_base(
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/models/base.py", line 909, in save_base
    updated = self._save_table(
              ^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/models/base.py", line 1071, in _save_table
    results = self._do_insert(
              ^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/models/base.py", line 1112, in _do_insert
    return manager._insert(
           ^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/models/manager.py", line 87, in manager_method
    return getattr(self.get_queryset(), name)(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/models/query.py", line 1847, in _insert
    return query.get_compiler(using=using).execute_sql(returning_fields)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/models/sql/compiler.py", line 1823, in execute_sql
    cursor.execute(sql, params)
  File "/ak-root/venv/lib/python3.12/site-packages/sentry_sdk/utils.py", line 1788, in runner
    return sentry_patched_function(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/sentry_sdk/integrations/django/__init__.py", line 653, in execute
    result = real_execute(self, sql, params)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/utils.py", line 79, in execute
    return self._execute_with_wrappers(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/utils.py", line 92, in _execute_with_wrappers
    return executor(sql, params, many, context)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/utils.py", line 100, in _execute
    with self.db.wrap_database_errors:
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/utils.py", line 91, in __exit__
    raise dj_exc_value.with_traceback(traceback) from exc_value
  File "/ak-root/venv/lib/python3.12/site-packages/django/db/backends/utils.py", line 105, in _execute
    return self.cursor.execute(sql, params)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/django_prometheus/db/common.py", line 69, in execute
    return super().execute(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/ak-root/venv/lib/python3.12/site-packages/psycopg/cursor.py", line 97, in execute
    raise ex.with_traceback(None)
django.db.utils.DataError: integer out of range
```

Version and Deployment (please complete the following information):

Additional context

I was testing this with Cloudflare Access as my SAML Source, which I use for additional protection and legacy purposes.

my config:

Behavior with my 2 providers configured in Cloudflare access:

I’m not very familiar with the inner workings of SAML, but I can try to dig deeper if needed.

4d62 commented 9 hours ago

PS: No error is encountered when linking the SAML source in https://id.domain.org/if/user/#/settings;%7B%22page%22%3A%22page-sources%22%7D. I logged in with Google and AWS to test.

I find it strange that one of the providers returns a normal error and the other one a stacktrace if it's passing by the same Cloudflare access. I opened a bug report because of the stacktrace.

After linking, there are no more stacktraces or errors when attempting to log in.