Issue: SAML, anonymized user and blocked

Steps to reproduce:

  • User A, a SAML user exists
  • Admin want, that User A is no longer able to use discourse
  • Admin uses the “anonymize user” function for user A (all entries are no anonymized => thats good)
  • Admin want to block further access of user A and therefore want to block him (block user function)

Note: the user was not removed from SAML server and is still active

Even that the user does still exist on SAML server, the user should not be able to log in because he/she is blocked.

Current behavior:
The user is able to log in.

Have you tried suspending the user account within Discourse?

sorry, Instead of “block” I mean “suspend”.
Yes, I tried this.

The issue is, that the user gets anonymized and therefore the username changes. I guess, saml doesn’t recognize this and adds a new user because saml can not find the user with its username (= because the user was anonymized before).

I guess, discourse-saml tries to find the user based on the username at

I think there need to be a way to match a anonymized user with the saml user data. Does someone know how and which attribute to validate?