Troubleshooting "SAML authentication failed: Extern uid has already been taken, User has already been taken" and ADFS

I wanted to tell you two things about that:

  1. I think GitLab.com has a bug: if the system can tell that the Extern uid is already used, it should be able to see that it is used by the user currently trying to connect.

  2. We found a workaround (or a correction of our ADFS misbehaviour): apply a rule in the Claim Issuance Policy. Here is the ugly rule we produced to correct the problem:

     c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
      => issue(
           Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
           Issuer = c.Issuer,
           OriginalIssuer = c.OriginalIssuer,
           Value = RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(
                   RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(
                   c.Value, "a", "A"), "b", "B"), "c", "C"), "d", "D"), "e", "E"), "f", "F"), "g", "G"), "h", "H"), "i", "I"), "j", "J"), "k", "K"), "l", "L"), "m", "M"),
                   "n", "N"), "o", "O"), "p", "P"), "q", "Q"), "r", "R"), "s", "S"), "t", "T"), "u", "U"), "v", "V"), "w", "W"), "x", "X"), "y", "Y"), "z", "Z"),
           ValueType = c.ValueType,
           Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");

Ticket: 154723

Agent: DeAndre Harris
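As an added illustration (not part of this ticket, and not GitLab's or the reporter's code), the following Python script shows the failure mode the posted claim rule addresses: the NameID that ADFS issues from the Windows account name arrives with a different letter case than the extern_uid stored from an earlier login, and only a case-normalising transform makes the two agree. It parses a constructed, minimal SAML response, mirrors the rule's effect (uppercasing only ASCII a-z, as the rule's 26 RegExReplace calls do), and classifies the NameID against a constructed set of stored extern_uid values. The classification is a diagnostic model written for this example; it is an assumption, not GitLab's actual lookup logic.

```python
"""Diagnose case-only NameID mismatches between an ADFS SAML assertion and
stored extern_uid values.

Added example; not GitLab's code and not the ticket author's rule. The SAML
response and the stored identities below are constructed sample values.
"""
import re
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}
# NameID format the claim rule sets via the claimproperties/format property.
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed sample: the NameID carries the Windows account name in mixed
# case, i.e. what ADFS emits when no transform rule normalises it.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">CORP\\jDoe</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def extract_name_id(response_xml: str):
    """Return (value, format) of the first NameID in the SAML response."""
    root = ET.fromstring(response_xml)
    name_id = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None or not name_id.text:
        raise ValueError("assertion carries no NameID")
    return name_id.text, name_id.get("Format", "")


def adfs_uppercase(value: str) -> str:
    """Mirror the ticket's claim rule: replace each ASCII letter a-z with its
    uppercase form and leave every other character (digits, backslash,
    non-ASCII letters) untouched."""
    return re.sub(r"[a-z]", lambda m: m.group(0).upper(), value)


def classify(name_id: str, stored_extern_uids) -> str:
    """Compare the incoming NameID with extern_uid values already stored.

    exact          -> matches a stored identity byte for byte
    case-mismatch  -> equal to a stored identity except for letter case;
                      this is the situation a case-normalising rule prevents
    new            -> no stored identity resembles it
    (Diagnostic model for this example, not GitLab's lookup logic.)
    """
    if name_id in stored_extern_uids:
        return "exact"
    if any(name_id.casefold() == s.casefold() for s in stored_extern_uids):
        return "case-mismatch"
    return "new"


def check_response(response_xml: str, stored_extern_uids) -> dict:
    """Report how the raw and the normalised NameID compare to stored ids."""
    value, fmt = extract_name_id(response_xml)
    return {
        "name_id": value,
        "persistent_format": fmt == PERSISTENT,
        "raw": classify(value, stored_extern_uids),
        "normalised": classify(adfs_uppercase(value), stored_extern_uids),
    }


if __name__ == "__main__":
    stored = {"CORP\\JDOE"}  # constructed: identity created on a first login
    print(check_response(SAMPLE_RESPONSE, stored))
```

A "case-mismatch" on the raw value together with "exact" on the normalised value is the signature of the problem in this ticket: the IdP is sending the same account under varying case, and a transform that fixes the case before the nameidentifier claim is issued (as the posted rule does) is the right place to correct it. The script also confirms that the assertion's Format is the persistent URN that the rule sets, since a mismatch there would mean the rule is not being applied at all.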