Hi,
I am requesting to regain access to the Fedora GitLab group under my main account and to fix the duplicate account issue.
Previously, I was granted membership to the Fedora GitLab group under my personal GitLab account, @jwflory. At some point unknown to me, this access was revoked and I was removed from the group.
@jwflory
I tried to use the SAML authentication linked in the profile of the Fedora GitLab group, but I did not notice that I was signed out of GitLab when I went to link to SAML authentication. Here is the flow of what happened:
After this flow, I noticed that my personal GitLab account was not added to the group, but instead, a ghost user (@jflory7), took my place. The account shows as an unconfirmed user.
@jflory7
<img alt="Screenshot of @jflory7 shown in the Fedora GitLab group membership, using metadata provided by Fedora FAS account" src="/fedora-infrastructure/issue/raw/files/54de2a69d7c52e385136a708080b4524258f40dfdadfa9b4056d1e06ee312111-Screenshot_2022-06-08_at_18-03-14_Group_members_fedora_GitLab.png" />
<img alt="Screenshot of unconfirmed user profile for @jflory7 on GitLab" src="/fedora-infrastructure/issue/raw/files/ba3efdba74b6eb30b8725bcb28edb3cc3ea96777a4432a053cf1f884661a793d-Screenshot_2022-06-08_at_17-59-47_Unconfirmed_user_GitLab.png" />
<img alt="Screenshot of @jwflory GitLab profile without membership in the Fedora GitLab group" src="/fedora-infrastructure/issue/raw/files/104d2a4f4eb94ee39a2e802eeac4a2d34489c3694b00b98a950701e9ead0fc30-Screenshot_2022-06-08_at_18-05-53_J.W.F._GitLab.png" />
Next, I tried to complete the SAML authentication link again, but this time, after signing into Fedora FAS, I am redirected to the Fedora GitLab group with this error: SAML authentication failed: Extern uid has already been taken.
SAML authentication failed: Extern uid has already been taken
In short, I still do not have access with my personal GitLab account and now there is a second "ghost" user added that I am unable to sign into or delete the account myself.
I wasn't sure where the right place to go with this request was, but I figured this was the best place to start. Any help to straighten this out is welcome!
Metadata Update from @zlopez: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: medium-gain, medium-trouble, ops
Metadata Update from @mobrien: - Issue tagged with: gitlab
@jflory7 I have removed your user from the Fedora group
@jflory7 any news here?
@jflory7 you should be able to log into the jflory7 github user with the SAML link.
first, log out of github (or maybe use a private browsing window might work too), and try go to https://gitlab.com/groups/fedora/-/saml/sso and log into the jflory7 account.
if this succeeds, in the jflory7 account, Go to User Settings > Account > Social Sign In, and click the disconnect button next to 'SAML for Fedora'
Once disconnected, try logging into to your regular github account (jwflory) normally (username password/ or however), then go to the https://gitlab.com/groups/fedora/-/saml/sso link again, and you should be able to link your jwflory account to your Fedora account
Hi folks, this is now resolved and I am closing this as complete. Thanks @ryanlerch for the thorough instructions. The process was awkward and I had to repeat steps a few times, so I documented what I had to do below for anyone else who might have to do this in the future.
I used a private window and went to the SSO URL. I signed in with my Fedora Account but had to confirm the email associated with my FAS account on GitLab. I had to sign in twice at this step because the first time, it prompted me to log into GitLab with a normal username and password.
After I confirmed my email, it prompted me to log in again with an email and password, and I had to repeat my Fedora SSO login to gain access to the GitLab user preferences.
Worked like a charm.
Once I was able to log in, I disconnected the "SAML for Fedora" option. I decided I wanted to delete this account and reclaim the email on my primary GitLab account. So, I had to create a password on the account in order for GitLab to let me delete my account. Once I set a password, GitLab prompted me again to login, this time with the FAS email and password I just set. Finally, I went to Preferences > Account, and then I was able to schedule the account for permanent deletion.
After I deleted the account, I returned to my GitLab session on my primary account, repeated the Fedora SSO login, and successfully bound my FAS login to my primary GitLab account.
It was more tedious than expected, but everything worked out in the end. :rocket:
Metadata Update from @jflory7: - Issue close_status updated to: Fixed with Explanation - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.