Active directory users group membership is deleted after re-login

Must-share information (formatted with Markdown):

  • Developer Edition Version 10.3 (build 82913)
  • zip
  • add a.d. users to groups
  • added from Sonorqube browser security section.
  • Subject: Issue with Active Directory User Permissions in SonarQube

Hello Support Team,

I’m encountering an issue with permissions for Active Directory users in SonarQube. When I add a user from Active Directory to a group in the SonarQube security section, it seems to work initially. However, when the user logs out and logs back in, their permissions are reset, and they only retain the default SonarQube Users permissions.

Could you please assist me in resolving this issue? It seems like the permissions assigned to Active Directory users are not persisting across sessions.

Below, I’m sharing the logs where I assign permissions, log out, and log back in


127.0.0.1 - - [15/May/2024:17:00:09 +0300] "POST /api/user_groups/add_user HTTP/1.0" 204 - "https://XXXXXXXXXXXXXXXXXX/admin/users" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" "AY9EhxhMyhv/WH0tAlSv" 14

127.0.0.1 - - [15/May/2024:17:00:27 +0300] "POST /api/authentication/logout HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/sessions/logout" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlTC" 10

127.0.0.1 - - [15/May/2024:17:00:27 +0300] "GET / HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/sessions/logout" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlTD" 7

127.0.0.1 - - [15/May/2024:17:00:27 +0300] "GET /api/users/current HTTP/1.0" 401 - "https://XXXXXXXXXXXXXXXXXX/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlTF" 2

127.0.0.1 - - [15/May/2024:17:00:27 +0300] "GET /api/navigation/global HTTP/1.0" 401 - "https://XXXXXXXXXXXXXXXXXX/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlTG" 2

127.0.0.1 - - [15/May/2024:17:00:27 +0300] "GET /api/features/list HTTP/1.0" 401 - "https://XXXXXXXXXXXXXXXXXX/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlTH" 3

127.0.0.1 - - [15/May/2024:17:00:27 +0300] "GET /api/l10n/index?locale=tr HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlTE" 29

127.0.0.1 - - [15/May/2024:17:00:27 +0300] "GET /sessions/new?return_to=%2F HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlTI" 7

127.0.0.1 - - [15/May/2024:17:00:27 +0300] "GET /api/l10n/index?locale=tr HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/sessions/new?return_to=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlTJ" 34

127.0.0.1 - - [15/May/2024:17:00:27 +0300] "GET /api/settings/login_message HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/sessions/new?return_to=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlTL" 3

127.0.0.1 - - [15/May/2024:17:00:27 +0300] "GET /api/users/identity_providers HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/sessions/new?return_to=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlTK" 7

 
 

127.0.0.1 - - [15/May/2024:17:01:06 +0300] "POST /api/authentication/login HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/sessions/new?return_to=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlT2" 38

127.0.0.1 - - [15/May/2024:17:01:06 +0300] "GET / HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/sessions/new?return_to=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlT3" 8

127.0.0.1 - - [15/May/2024:17:01:07 +0300] "GET /api/features/list HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlT7" 3

127.0.0.1 - - [15/May/2024:17:01:07 +0300] "GET /api/users/current HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlT5" 7

127.0.0.1 - - [15/May/2024:17:01:07 +0300] "GET /api/navigation/global HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlT6" 14

127.0.0.1 - - [15/May/2024:17:01:07 +0300] "GET /api/l10n/index?locale=tr HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlT4" 31

127.0.0.1 - - [15/May/2024:17:01:07 +0300] "GET /api/languages/list HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/projects" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlT9" 3

127.0.0.1 - - [15/May/2024:17:01:07 +0300] "GET /api/rules/app HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/projects" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlT+" 4

127.0.0.1 - - [15/May/2024:17:01:07 +0300] "GET /api/metrics/search?ps=500 HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/projects" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlT8" 8

127.0.0.1 - - [15/May/2024:17:01:07 +0300] "GET /api/components/search_projects?filter=isFavorite&ps=1 HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/projects" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlT/" 6

127.0.0.1 - - [15/May/2024:17:01:07 +0300] "GET /api/components/search_projects?ps=50&facets=reliability_rating%2Csecurity_rating%2Csecurity_review_rating%2Csqale_rating%2Ccoverage%2Cduplicated_lines_density%2Cncloc%2Calert_status%2Clanguages%2Ctags%2Cqualifier&f=analysisDate%2CleakPeriodDate HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/projects" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlUA" 32

127.0.0.1 - - [15/May/2024:17:01:07 +0300] "GET /api/projects/search_my_scannable_projects HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/projects" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlUC" 28

127.0.0.1 - - [15/May/2024:17:01:07 +0300] "GET /api/measures/search?projectKeys=194454bc-aa80-11ec-b90rthbyyu%2CBImnEP7iEJtO59iHostH93dwmXUokjvt%2CBImnEP7iEJtO5mlupl4om1XUokvf%2C2ee3820b-273b-47b3-8546-7bc38e1c5925%2CAksesuar%2CnhfeBIsqqw3qtnp44cewvcEFJtece34%2CnhfeBIsqqw3qtnp44cewvcEFJdfjnvjr23%2C349988d6-d148-4e5f-b8c9-050a4775b325%2C249c7488-8c1f-4c54-8149-5a6848b5692f%2Ce128bb33-2271-45df-8a97-a30655caf4b9%2Ce2cd950f-1dfe-4f16-9b20-1264120a5cc1%2Ca35b29c4-aa7f-11ec-b909-0242ac120002%2C5fc1b5bc-6337-43b7-9fef-e497ad818ab4%2CBImnEP7iEJtO5mlupl4om1XUokvfewtrev%2Cfskjjdg234y57--2dmxnadsf%2C60659654-cb28-4819-bfbd-bcd159f5fae2%2C32e14b3b-11bc-42dd-b623-d16c80f2ab4b%2C726c1354-8dbe-498e-9332-17df8f59ad37%2C8faeeb37-f617-48ee-831c-greerf2e6c%2Cd20bb544-a719-4868-9d1a-f5f621760b58%2C0d841f63-b798-428f-949b-94e72f9516a4%2C499407dc-aa7d-11ecyw-b909-0242ac120002tr%2C5ddce3e6-382a-4cf3-9e72-ef00c8w33rcd303te%2CDevOpsTest-Project%2C5a766b18-df4d-48d5-8c08-d25dc5217c71%2C067046b8-9ebb-497d-a234-ec5aa816101b%2C81fcc6ca-80a4-46bb-be54-ad95cb53db68%2Ce632be1f-1bcf-4fa2-bff2-4favfdrwe%2Cb2a85915-0c5b-4f44-b889-352c3e9a6191%2C8136f4fb-0368-41b7-acc9-533d8b6576a2%2CBIsqqw3qtnplkonwon512CmorF31%2CBIsqqw3qtnplkonwon5mvrRcnsEDQ465%2CnhfeBIsqqw3qtnp44cewv312czx3451%2C02db6b17-2f7e-4f9e-911a-bb0360447de1%2C6055fcc9-e688-4d24-af19-0ba832d369d7%2Ca3b9d442-aa89-11ec-b9wqe3ac120002%2C7aab6296-e305-485f-8ea7-62ebc9e83de6%2CFason%2C90bfd93a-a472-4cb3-baa1-5b77fec4a28d%2C527e6e2d-be1d-4aa9-81d3-6e2443f6263b%2C1b2bc548-0071-4dd2-b506-6027fd326193%2Ceb2f8b19-7693-468e-b6b4-6c841e1acc08%2C0373dffe-cde3-4555-9bcb-9889efacfdd3%2C29681514-a9ea-4fd9-901b-b85dd7a149d0%2C6aaa06a9-86b1-4a92-864e-ed8c5d9a912f%2C4fd4db25-04c6-4eb3-ae8e-798949176760%2C2fcc2607-cd5c-4773-8e59-4ebe76b50297%2C38a4af89-fdb2-4f45-bd0d-d666cc7386a8%2C7bbfb1c9-4710-402d-8fc2-30c45968aa0d%2C8316ca4c-d758-4915-90d6-0ac870f0e2fd&metricKeys=alert_status%2Cbugs%2Creliability_rating%2Cvulnerabilities%2Csecurity_rating%2Csecurity_hotspots_reviewed%2Csecurity_review_rating%2Ccode_smells%2Csqale_rating%2Cduplicated_lines_density%2Ccoverage%2Cncloc%2Cncloc_language_distribution%2Cprojects HTTP/1.0" 200 - "https://XXXXXXXXXXXXXXXXXX/projects" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "AY9EhxhMyhv/WH0tAlUB" 49

 
 

Hi,

Welcome to the community!

Per the docs if you’ve got group synchronization enabled:

When group synchronization is configured, group memberships can only be managed from the delegated authentication source, and the user’s groups are re-fetched with each login.

You’ll need to add your users to the groups in AD.

 
HTH,
Ann