Active directory users group membership is deleted after re-login

Ahmet_Said_Oyanik · May 15, 2024, 2:25pm

Must-share information (formatted with Markdown):

Developer Edition Version 10.3 (build 82913)
zip
add a.d. users to groups
added from Sonorqube browser security section.
Subject: Issue with Active Directory User Permissions in SonarQube

Hello Support Team,

I’m encountering an issue with permissions for Active Directory users in SonarQube. When I add a user from Active Directory to a group in the SonarQube security section, it seems to work initially. However, when the user logs out and logs back in, their permissions are reset, and they only retain the default SonarQube Users permissions.

Could you please assist me in resolving this issue? It seems like the permissions assigned to Active Directory users are not persisting across sessions.

Below, I’m sharing the logs where I assign permissions, log out, and log back in


127.0.0.1 - - [15/May/2024:17:00:09 +0300] "POST /api/user_groups/add_user HTTP/1.0" 204 - "https://XXXXXXXXXXXXXXXXXX/admin/users" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" "AY9EhxhMyhv/WH0tAlSv" 14

127.0.0.1 - - [15/May/2024:17:00:27 +0300] "POST /api/authentication/logout HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/sessions/logout" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlTC" 10

127.0.0.1 - - [15/May/2024:17:00:27 +0300] "GET / HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/sessions/logout" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlTD" 7

127.0.0.1 - - [15/May/2024:17:00:27 +0300] "GET /api/users/current HTTP/1.0" 401 - "https://XXXXXXXXXXXXXXXXXX/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlTF" 2

127.0.0.1 - - [15/May/2024:17:00:27 +0300] "GET /api/navigation/global HTTP/1.0" 401 - "https://XXXXXXXXXXXXXXXXXX/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlTG" 2

127.0.0.1 - - [15/May/2024:17:00:27 +0300] "GET /api/features/list HTTP/1.0" 401 - "https://XXXXXXXXXXXXXXXXXX/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlTH" 3

127.0.0.1 - - [15/May/2024:17:00:27 +0300] "GET /api/l10n/index?locale=tr HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlTE" 29

127.0.0.1 - - [15/May/2024:17:00:27 +0300] "GET /sessions/new?return_to=%2F HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlTI" 7

127.0.0.1 - - [15/May/2024:17:00:27 +0300] "GET /api/l10n/index?locale=tr HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/sessions/new?return_to=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlTJ" 34

127.0.0.1 - - [15/May/2024:17:00:27 +0300] "GET /api/settings/login_message HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/sessions/new?return_to=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlTL" 3

127.0.0.1 - - [15/May/2024:17:00:27 +0300] "GET /api/users/identity_providers HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/sessions/new?return_to=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlTK" 7

 
 

127.0.0.1 - - [15/May/2024:17:01:06 +0300] "POST /api/authentication/login HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/sessions/new?return_to=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlT2" 38

127.0.0.1 - - [15/May/2024:17:01:06 +0300] "GET / HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/sessions/new?return_to=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlT3" 8

127.0.0.1 - - [15/May/2024:17:01:07 +0300] "GET /api/features/list HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlT7" 3

127.0.0.1 - - [15/May/2024:17:01:07 +0300] "GET /api/users/current HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlT5" 7

127.0.0.1 - - [15/May/2024:17:01:07 +0300] "GET /api/navigation/global HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlT6" 14

127.0.0.1 - - [15/May/2024:17:01:07 +0300] "GET /api/l10n/index?locale=tr HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlT4" 31

127.0.0.1 - - [15/May/2024:17:01:07 +0300] "GET /api/languages/list HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/projects" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlT9" 3

127.0.0.1 - - [15/May/2024:17:01:07 +0300] "GET /api/rules/app HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/projects" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlT+" 4

127.0.0.1 - - [15/May/2024:17:01:07 +0300] "GET /api/metrics/search?ps=500 HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/projects" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlT8" 8

127.0.0.1 - - [15/May/2024:17:01:07 +0300] "GET /api/components/search_projects?filter=isFavorite&ps=1 HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/projects" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlT/" 6

127.0.0.1 - - [15/May/2024:17:01:07 +0300] "GET /api/components/search_projects?ps=50&facets=reliability_rating%2Csecurity_rating%2Csecurity_review_rating%2Csqale_rating%2Ccoverage%2Cduplicated_lines_density%2Cncloc%2Calert_status%2Clanguages%2Ctags%2Cqualifier&f=analysisDate%2CleakPeriodDate HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/projects" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlUA" 32

127.0.0.1 - - [15/May/2024:17:01:07 +0300] "GET /api/projects/search_my_scannable_projects HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/projects" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlUC" 28

127.0.0.1 - - [15/May/2024:17:01:07 +0300] "GET /api/measures/search?projectKeys=194454bc-aa80-11ec-b90rthbyyu%2CBImnEP7iEJtO59iHostH93dwmXUokjvt%2CBImnEP7iEJtO5mlupl4om1XUokvf%2C2ee3820b-273b-47b3-8546-7bc38e1c5925%2CAksesuar%2CnhfeBIsqqw3qtnp44cewvcEFJtece34%2CnhfeBIsqqw3qtnp44cewvcEFJdfjnvjr23%2C349988d6-d148-4e5f-b8c9-050a4775b325%2C249c7488-8c1f-4c54-8149-5a6848b5692f%2Ce128bb33-2271-45df-8a97-a30655caf4b9%2Ce2cd950f-1dfe-4f16-9b20-1264120a5cc1%2Ca35b29c4-aa7f-11ec-b909-0242ac120002%2C5fc1b5bc-6337-43b7-9fef-e497ad818ab4%2CBImnEP7iEJtO5mlupl4om1XUokvfewtrev%2Cfskjjdg234y57--2dmxnadsf%2C60659654-cb28-4819-bfbd-bcd159f5fae2%2C32e14b3b-11bc-42dd-b623-d16c80f2ab4b%2C726c1354-8dbe-498e-9332-17df8f59ad37%2C8faeeb37-f617-48ee-831c-greerf2e6c%2Cd20bb544-a719-4868-9d1a-f5f621760b58%2C0d841f63-b798-428f-949b-94e72f9516a4%2C499407dc-aa7d-11ecyw-b909-0242ac120002tr%2C5ddce3e6-382a-4cf3-9e72-ef00c8w33rcd303te%2CDevOpsTest-Project%2C5a766b18-df4d-48d5-8c08-d25dc5217c71%2C067046b8-9ebb-497d-a234-ec5aa816101b%2C81fcc6ca-80a4-46bb-be54-ad95cb53db68%2Ce632be1f-1bcf-4fa2-bff2-4favfdrwe%2Cb2a85915-0c5b-4f44-b889-352c3e9a6191%2C8136f4fb-0368-41b7-acc9-533d8b6576a2%2CBIsqqw3qtnplkonwon512CmorF31%2CBIsqqw3qtnplkonwon5mvrRcnsEDQ465%2CnhfeBIsqqw3qtnp44cewv312czx3451%2C02db6b17-2f7e-4f9e-911a-bb0360447de1%2C6055fcc9-e688-4d24-af19-0ba832d369d7%2Ca3b9d442-aa89-11ec-b9wqe3ac120002%2C7aab6296-e305-485f-8ea7-62ebc9e83de6%2CFason%2C90bfd93a-a472-4cb3-baa1-5b77fec4a28d%2C527e6e2d-be1d-4aa9-81d3-6e2443f6263b%2C1b2bc548-0071-4dd2-b506-6027fd326193%2Ceb2f8b19-7693-468e-b6b4-6c841e1acc08%2C0373dffe-cde3-4555-9bcb-9889efacfdd3%2C29681514-a9ea-4fd9-901b-b85dd7a149d0%2C6aaa06a9-86b1-4a92-864e-ed8c5d9a912f%2C4fd4db25-04c6-4eb3-ae8e-798949176760%2C2fcc2607-cd5c-4773-8e59-4ebe76b50297%2C38a4af89-fdb2-4f45-bd0d-d666cc7386a8%2C7bbfb1c9-4710-402d-8fc2-30c45968aa0d%2C8316ca4c-d758-4915-90d6-0ac870f0e2fd&metricKeys=alert_status%2Cbugs%2Creliability_rating%2Cvulnerabilities%2Csecurity_rating%2Csecurity_hotspots_reviewed%2Csecurity_review_rating%2Ccode_smells%2Csqale_rating%2Cduplicated_lines_density%2Ccoverage%2Cncloc%2Cncloc_language_distribution%2Cprojects HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/projects" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlUB" 49

ganncamp · May 16, 2024, 5:54pm

Hi,

Welcome to the community!

Per the docs if you’ve got group synchronization enabled:

When group synchronization is configured, group memberships can only be managed from the delegated authentication source, and the user’s groups are re-fetched with each login.

You’ll need to add your users to the groups in AD.

HTH,
Ann

Topic		Replies	Views
AD user not automatically removed when group membership changes in Active Directory SonarQube Server / Community Build active_directory , bug-no-category	4	2266	May 13, 2020
AzureAD user will automatically be removed from Group if she/he log out SonarQube Server / Community Build sonarqube , active_directory , user	2	862	June 8, 2022
AD Users added as sonar-administrators are getting deleted after re-login SonarQube Server / Community Build sonarqube	1	1223	February 11, 2020
Lose permissions to groups SonarQube Server / Community Build sonarqube	3	2091	May 1, 2020
AAD login is not synching groups - Users removed from AD groups switching from LDAP to AAD SonarQube Server / Community Build sonarqube	1	327	July 1, 2022

Active directory users group membership is deleted after re-login

Related topics