sorry, Instead of “block” I mean “suspend”.
Yes, I tried this.
The issue is, that the user gets anonymized and therefore the username changes. I guess, saml doesn’t recognize this and adds a new user because saml can not find the user with its username (= because the user was anonymized before).
It sounds as though you don’t understand how to handle user-requested deletions and when/where it doesn’t apply.
When a user signs up for your site you have the right to process their provided information (email and username) for the purpose of the registration. That processing doesn’t end when they are suspended and try to leave, taking their toys with them.
You aren’t obligated to remove the email of a banned or suspended user. The right to be forgotten doesn’t supersede the processing purpose.
The user can withdraw their consent for the processing of personal data, but consent is only one of the grounds that can make data processing legal under the GDPR.
Another ground can be the legitimate interest of the controller (article 6.1, f: processing is necessary for the purposes of the legitimate interests pursued by the controller). Such a legitimate interest can be making sure the user cannot create a new account. Otherwise the user could misuse the GDPR to have all records erased, including the fact that they have misbehaved.
GDPR article 17, emphasis mine.
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: (…)
the data subject withdraws consent on which the processing is based (…) and where there is no other legal ground for the processing;
Which basically means: yes, the forum has to remove the users data upon their request, but since the forum has suspended the user they need a way to make sure that the user does not create a new account, so they have a good reason to keep the email address of the suspended user on file, despite the request of the user.
One way to do this in Discourse is to anonymize the (already suspended) user and then change the anonymized email address back to their real email address. You might also want to keep their registration IP, based on the same ground, and add it to the block list.