[SalesForce] SSO Federation Id and username do not match

SamlError?ErrorCode=12&ErrorDescription=Federation+id+and+username+do+not+match

I'm getting this error when I try to log in a user using SSO and JIT. The problem is just with this user; I checked the assertion and the data, and everything looks OK: same username and Federation Id. We have another user with the same email, do you think that could be a problem?

Thank you…

Best Answer

Found a solution to this. Modify the createUser() method in the Auth Provider registration handler class to query for the user using the email address passed in the authentication (or any other query you want to use).

    global User createUser(Id portalId, Auth.UserData data) {
        if (!canCreateUser(data)) {
            // If a user already matches on Federation ID or username, return that
            // user; otherwise fail, since a new user cannot be created.
            Integer matches = [SELECT COUNT() FROM User
                               WHERE FederationIdentifier = :data.email
                               OR Username = :data.email];
            if (matches == 0) {
                // Returning null (or throwing an exception) fails the SSO flow
                return null;
            }
            return [SELECT Id FROM User
                    WHERE FederationIdentifier = :data.email
                    OR Username = :data.email
                    LIMIT 1];
        }
        // remainder of createUser() (new-user creation) unchanged
    }
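As an added example (not the answer's own code), here is a complete Auth.RegistrationHandler built around the same lookup. It caps the query at two rows so that the situation from the question, two users that both match, fails the login instead of linking the SSO identity to an arbitrary account. The profile name, alias rule and locale defaults are assumptions for this org.

```apex
global class ExistingUserRegistrationHandler implements Auth.RegistrationHandler {

    // Assumed profile for brand-new users; adjust to the org's own profile.
    private static final String NEW_USER_PROFILE = 'Standard User';

    class RegistrationException extends Exception {}

    // Same match keys as the answer (Federation ID or username against the
    // asserted email), but bounded so an ambiguous match is detected.
    private User findExistingUser(Auth.UserData data) {
        List<User> matches = [SELECT Id, Username, FederationIdentifier
                              FROM User
                              WHERE FederationIdentifier = :data.email
                              OR Username = :data.email
                              LIMIT 2];
        if (matches.isEmpty()) {
            return null;
        }
        if (matches.size() > 1) {
            // Throwing here fails the SSO login, which is preferable to
            // picking one of two accounts that share the asserted value.
            throw new RegistrationException(
                'Ambiguous user match for ' + data.email);
        }
        return matches[0];
    }

    global User createUser(Id portalId, Auth.UserData data) {
        User existing = findExistingUser(data);
        if (existing != null) {
            return existing;   // link the identity to the existing account
        }
        Profile p = [SELECT Id FROM Profile
                     WHERE Name = :NEW_USER_PROFILE LIMIT 1];
        String lastName = data.lastName == null ? 'User' : data.lastName;
        // Username and FederationIdentifier are set to the same value so the
        // JIT match succeeds on later logins.
        return new User(
            Username = data.email, Email = data.email,
            FederationIdentifier = data.email,
            FirstName = data.firstName, LastName = lastName,
            Alias = lastName.left(8), ProfileId = p.Id,
            TimeZoneSidKey = 'America/Los_Angeles', LocaleSidKey = 'en_US',
            EmailEncodingKey = 'UTF-8', LanguageLocaleKey = 'en_US');
    }

    global void updateUser(Id userId, Id portalId, Auth.UserData data) {
        // Refresh profile data only; identity keys are left untouched.
        update new User(Id = userId, Email = data.email,
                        FirstName = data.firstName, LastName = data.lastName);
    }
}
```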