The current logic for generating a unique matrix ID is something like:

1. Get SSO attributes.
2. Pass SSO attributes to mapping provider to get a matrix ID localpart.
3. If the user exists, go back to 2 and append how many times we've attempted this to the localpart.
4. If this has been attempted 1000 times, fail.
5. If a unique user ID is generated, register the user and associate it with the SSO attributes.

A couple of odd things:

- The 1000 is arbitrary but seems rather high (we would waste a lot of processing doing this loop 1000 times).
- Can we improve this logic so you don't just give up after a certain number of iterations?

It is worth mentioning that depending on the SSO configuration and mapping provider used this might not be an issue (e.g. if you're in a corporate environment with unique email usernames and use the username as the localpart, they should never conflict). This really only happens if whatever attribute you're using from SSO can conflict (maybe you're using first name and hire a lot of people named "Erik", you'd end up with `@erik:foo`, `@erik1:foo`, ... `@erik999:foo` and then you can't hire more Eriks).

This issue has been migrated from #8813.
This comes from a conversation at matrix-org/synapse#8801 (comment)
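
The loop described in the issue, modelled as an added example (not Synapse's code) to show how existence lookups grow as collisions accumulate and where the cap rejects a user. The names `map_localpart`, `register_sso_user` and `simulate`, the in-memory set standing in for the user table, and the first-name mapping are assumptions.

```python
MAX_ATTEMPTS = 1000  # the cap named in the issue


class MappingError(Exception):
    """Raised when no free localpart is found within MAX_ATTEMPTS."""


def map_localpart(sso_attrs, attempt):
    # Hypothetical mapping provider: first name, plus the attempt count on retries.
    base = sso_attrs["first_name"].lower()
    return base if attempt == 0 else f"{base}{attempt}"


def register_sso_user(sso_attrs, existing, server="foo"):
    """Return (user_id, lookups). `existing` is a set standing in for the user table."""
    for attempt in range(MAX_ATTEMPTS):
        user_id = f"@{map_localpart(sso_attrs, attempt)}:{server}"
        if user_id not in existing:  # one existence lookup per attempt
            existing.add(user_id)
            return user_id, attempt + 1
    raise MappingError(f"no free localpart after {MAX_ATTEMPTS} attempts")


def simulate(n_users):
    """Register n_users colliding users; return (total lookups, users rejected)."""
    existing, lookups, failed = set(), 0, 0
    for _ in range(n_users):
        try:
            _, used = register_sso_user({"first_name": "Erik"}, existing)
            lookups += used
        except MappingError:
            # A rejected login still paid for every attempt up to the cap.
            lookups += MAX_ATTEMPTS
            failed += 1
    return lookups, failed


if __name__ == "__main__":
    # Constructed workload: 1001 SSO logins that all map to the same first name.
    total, rejected = simulate(1001)
    print(f"lookups={total} rejected={rejected}")
```

The k-th colliding user costs k lookups, so the total grows quadratically until the cap is reached, after which every further colliding login costs the full 1000 lookups and is rejected.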