User is not able to create passkey if passkey is deleted from VIP AuthHub

Article ID: 422750

Products

Symantec Identity Security Platform - IDSP (formerly VIP Authentication Hub)

Issue/Introduction

The user is not able to create a passkey after the passkey was deleted from VIP Auth Hub. The use case is described below:

  1. The user logs in to the application with username/password (i.e. user1/#####).
  2. The user creates a passkey successfully for user1.
  3. After login, the user changes their user ID from user1 to user2.
  4. The user calls the helpdesk to remove the passkey from the AuthHub DB.
  5. The user gets the DB error below while trying to create a passkey with the new user ID:

ROUTING_URL=https://<AH-Host>/default/auth/v1/authenticate|Request Body : {
\"channel\": \"web\",
\"action\": \"authenticate\",
\"ipAddress\": \"10.XX.XX.XX\",
\"existingIDToken\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.................\",
\"device\": {\"signature\":{\"iaAuthData\":\"\"}},
\"subject\": \"LoginPasskey\"
}|Response Body :{\"errorCode\":\"2000000\",\"errorMessage\":\"DB Exception \"}

The following error is observed in the AuthHub pod:

org.springframework.dao.DataIntegrityViolationException: could not execute statement [ERROR: duplicate key value violates unique constraint \"t_user_universal_id_identity_source_id\"
Detail: Key (universal_id, identity_source_id, tenant_id)=(000080842xxxxxxxxxx, e7c27fbc-xxxx-xxxxxxxxxxxxx, 2e6570fd-xxxx-xxxxxxxxxx) already exists.] [insert into T_USER (ACCOUNT_ACTIVATED,ACCOUNT_TYPE,BIRTH_DATE,COST_CENTER,CREATE_PROCESS_TYPE,CREATED_BY,CREATED_BY_NAME,CREATED_BY_TYPE,CREATED_DATETIME,DEPARTMENT,IS_DISABLED,DISALLOW_INTERACTIVE_LOGIN,DISPLAY_NAME,DIVISION,EMPLOYEE_NUMBER,EXTERNAL_ID,FEDERATED,FIRST_NAME,GENDER,IDENTITY_SOURCE_ID,IDP_NAME,IDP_TYPE,IDP_ORIGIN_ID,IDP_USER_GUID,LAST_LOCK_DATETIME,LAST_LOGIN_FAILURE_DATETIME,LAST_LOGIN_SUCCESS_DATETIME,LAST_NAME,LOCALE,IS_LOCKED,MANAGER_ID,MIDDLE_NAME,NAME_FORMATTED,NAME_HONORIFIC_PREFIX,NAME_HONORIFIC_SUFFIX,NICK_NAME,ORGANIZATION,PASSWORD,PWD_CANNOT_BE_CHANGED,PASSWORD_HISTORY,IS_PASSWORD_MUST_CHANGE,PWD_NEVER_EXPIRES,PREFERRED_LANGUAGE,PROFILE_URL,SALT,SERVICE_ACCOUNT,STATUS,STRIKE_COUNT,TENANT_ID,TIME_ZONE,TITLE,IS_UPDATABLE,UPDATED_BY,UPDATED_BY_NAME,UPDATED_BY_TYPE,UPDATED_DATETIME,USER_LOGIN,USER_PASSWORD,USER_PASSWORD_CHANGE_DATETIME,USER_PASSWORD_HISTORY,USER_TYPE,UNIVERSAL_ID,VERSION,WEB_SITE_URL,USER_ID) values (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)]; SQL [insert into T_USER 
(ACCOUNT_ACTIVATED,ACCOUNT_TYPE,BIRTH_DATE,COST_CENTER,CREATE_PROCESS_TYPE,CREATED_BY,CREATED_BY_NAME,CREATED_BY_TYPE,CREATED_DATETIME,DEPARTMENT,IS_DISABLED,DISALLOW_INTERACTIVE_LOGIN,DISPLAY_NAME,DIVISION,EMPLOYEE_NUMBER,EXTERNAL_ID,FEDERATED,FIRST_NAME,GENDER,IDENTITY_SOURCE_ID,IDP_NAME,IDP_TYPE,IDP_ORIGIN_ID,IDP_USER_GUID,LAST_LOCK_DATETIME,LAST_LOGIN_FAILURE_DATETIME,LAST_LOGIN_SUCCESS_DATETIME,LAST_NAME,LOCALE,IS_LOCKED,MANAGER_ID,MIDDLE_NAME,NAME_FORMATTED,NAME_HONORIFIC_PREFIX,NAME_HONORIFIC_SUFFIX,NICK_NAME,ORGANIZATION,PASSWORD,PWD_CANNOT_BE_CHANGED,PASSWORD_HISTORY,IS_PASSWORD_MUST_CHANGE,PWD_NEVER_EXPIRES,PREFERRED_LANGUAGE,PROFILE_URL,SALT,SERVICE_ACCOUNT,STATUS,STRIKE_COUNT,TENANT_ID,TIME_ZONE,TITLE,IS_UPDATABLE,UPDATED_BY,UPDATED_BY_NAME,UPDATED_BY_TYPE,UPDATED_DATETIME,USER_LOGIN,USER_PASSWORD,USER_PASSWORD_CHANGE_DATETIME,USER_PASSWORD_HISTORY,USER_TYPE,UNIVERSAL_ID,VERSION,WEB_SITE_URL,USER_ID) values (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)]; constraint [t_user_universal_id_identity_source_id]
at org.springframework.orm.jpa.vendor.HibernateJpaDialect.convertHibernateAccessException(HibernateJpaDialect.java:294)

Environment

Authentication Hub (Identity Service Platform)

Release : 3.4.6

Resolution

The current VIP Auth Hub User Directory settings are configured with separate attributes for the login ID ("uid") and the universal ID ("custguid"). When a user's login ID is changed, the universal ID remains the same, so the attempt to create a passkey with the new login ID fails on a duplicated universal ID key.
To resolve the duplicate-key issue with the universal ID, it is recommended to use the same attribute for both the login ID and the universal ID.
There is no impact on existing users. When an existing user logs in, the system updates their universal ID to "uid" in the VIP Auth Hub. The updated universal ID value will also be present in the ID Token.

Note: This change cannot be reverted once done, so please consult internally about any implications. A user who previously changed their user ID while custguid was the universal ID cannot log in with the passkey.
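The following constructed simulation (added here; not AuthHub's own code) replays the steps above against a reduced copy of the T_USER table with the same unique constraint, once with the universal ID mapped to "custguid" and once mapped to "uid". The schema subset, directory records and the identity-source/tenant values are placeholders assumed for illustration.

```python
"""Simulate the duplicate-key failure and the attribute-mapping fix."""
import sqlite3

# Constructed subset of T_USER with the constraint named in the error.
SCHEMA = """
CREATE TABLE T_USER (
    USER_ID INTEGER PRIMARY KEY,
    USER_LOGIN TEXT NOT NULL,
    UNIVERSAL_ID TEXT NOT NULL,
    IDENTITY_SOURCE_ID TEXT NOT NULL,
    TENANT_ID TEXT NOT NULL,
    CONSTRAINT t_user_universal_id_identity_source_id
        UNIQUE (UNIVERSAL_ID, IDENTITY_SOURCE_ID, TENANT_ID)
);
"""
SOURCE, TENANT = "idsrc-placeholder", "tenant-placeholder"  # constructed ids


def provision_on_login(db, directory_entry, universal_attr):
    """Create the T_USER row for a login if none exists for that USER_LOGIN,
    mapping the directory attribute `universal_attr` into UNIVERSAL_ID.
    Returns 'existing', 'created' or 'duplicate_key'."""
    login = directory_entry["uid"]
    if db.execute("SELECT 1 FROM T_USER WHERE USER_LOGIN=? AND TENANT_ID=?",
                  (login, TENANT)).fetchone():
        return "existing"
    try:
        db.execute("INSERT INTO T_USER (USER_LOGIN, UNIVERSAL_ID, "
                   "IDENTITY_SOURCE_ID, TENANT_ID) VALUES (?,?,?,?)",
                   (login, directory_entry[universal_attr], SOURCE, TENANT))
        return "created"
    except sqlite3.IntegrityError:  # unique constraint violated
        return "duplicate_key"


def run_scenario(universal_attr):
    """user1 is provisioned, the directory uid is renamed to user2, the
    helpdesk removes the passkey (the user1 row stays), user2 logs in."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    entry = {"uid": "user1", "custguid": "000080842-constructed"}
    first = provision_on_login(db, entry, universal_attr)
    entry["uid"] = "user2"  # login ID changed; custguid unchanged
    second = provision_on_login(db, entry, universal_attr)
    return first, second


if __name__ == "__main__":
    print("custguid mapping:", run_scenario("custguid"))  # duplicate_key
    print("uid mapping:     ", run_scenario("uid"))       # created
```

With "custguid" as the universal ID the second login collides with the retained user1 row, which is the duplicate-key error in the pod log; with "uid" it creates a distinct row for user2.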