Comment 7 for bug 1654409

I was able to resolve the issue by removing "external" from the authentication methods in keystone.conf.

methods = external,password,token,saml2
  to
methods = password,token,saml2

I "think" this occurs because my mapping uses REMOTE_USER and if external is configured, it creates an AuthContext using the external method and then later attempts to set the user_id using the saml auth method, resulting in a dup.

Note: this doc warns against external and federation: http://docs.openstack.org/developer/keystone/external-auth.html#configuration