AD Authentication fails issue with sonarqube 25.5.0.107428-community

ashuit49 · May 21, 2025, 11:06am

Hi Team,

We recently upgraded SonarQube Community Edition from version 24.12.0.100206-community to 25.5.0.107428-community. After the upgrade, now users are unable to access our SonarQube site using Azure AD login. However, reverting back to version 24.12.0.100206-community resolves the issue, and AD authentication works fine.

With SonarQube 25.5.0.107428-community, users are unable to log in using AD authentication. It appears there might be a breaking change in this version of SonarQube.

Can you help me with this, or is there an alternative solution?

Colin · May 22, 2025, 9:28am

Hey there.

Are you using GitHub - hkamel/sonar-auth-aad: Azure Active Directory Authentication for SonarQube? If so, you may want to track this issue:

github.com/hkamel/sonar-auth-aad

Authentication fails starting with sonarqube 25.1.0.102122-community

opened 02:15PM - 13 Jan 25 UTC

dammg

After updating our sonarqube to version "25.1.0.102122-community", the authentic…ation fails with the exception below. Reverting back to the version "24.12.0.100206-community" fixes the issue. It seems, there is a breaking change with sonarqube? Could you please have a look at it? ``` 2025.01.13 09:34:13 ERROR web[][o.s.s.p.w.RootFilter] Processing of request /oauth2/callback/aad?code=XXX failed jakarta.servlet.ServletException: 'javax.servlet.http.HttpServletRequest org.sonar.api.server.authentication.OAuth2IdentityProvider$CallbackContext.getRequest()' at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:274) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:203) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162) at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:124) at java.base/java.security.AccessController.doPrivileged(Unknown Source) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:123) at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:83) at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:70) at jdk.internal.reflect.GeneratedMethodAccessor34.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.base/java.lang.reflect.Method.invoke(Unknown Source) at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:223) at java.base/java.security.AccessController.doPrivileged(Unknown Source) at java.base/javax.security.auth.Subject.doAsPrivileged(Unknown Source) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:251) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:203) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162) at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:124) at java.base/java.security.AccessController.doPrivileged(Unknown Source) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:123) at org.sonar.server.platform.web.CspFilter.doFilter(CspFilter.java:67) at jdk.internal.reflect.GeneratedMethodAccessor34.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.base/java.lang.reflect.Method.invoke(Unknown Source) at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:223) at java.base/java.security.AccessController.doPrivileged(Unknown Source) at java.base/javax.security.auth.Subject.doAsPrivileged(Unknown Source) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:251) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:203) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162) at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:124) at java.base/java.security.AccessController.doPrivileged(Unknown Source) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:123) at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76) at jdk.internal.reflect.GeneratedMethodAccessor34.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.base/java.lang.reflect.Method.invoke(Unknown Source) at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:223) at java.base/java.security.AccessController.doPrivileged(Unknown Source) at java.base/javax.security.auth.Subject.doAsPrivileged(Unknown Source) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:251) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:203) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162) at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:124) at java.base/java.security.AccessController.doPrivileged(Unknown Source) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:123) at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:60) at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:47) at jdk.internal.reflect.GeneratedMethodAccessor34.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.base/java.lang.reflect.Method.invoke(Unknown Source) at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:223) at java.base/java.security.AccessController.doPrivileged(Unknown Source) at java.base/javax.security.auth.Subject.doAsPrivileged(Unknown Source) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:251) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:203) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162) at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:124) at java.base/java.security.AccessController.doPrivileged(Unknown Source) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:123) at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:56) at jdk.internal.reflect.GeneratedMethodAccessor34.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.base/java.lang.reflect.Method.invoke(Unknown Source) at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:223) at java.base/java.security.AccessController.doPrivileged(Unknown Source) at java.base/javax.security.auth.Subject.doAsPrivileged(Unknown Source) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:251) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:203) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162) at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:124) at java.base/java.security.AccessController.doPrivileged(Unknown Source) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:123) at org.sonar.server.platform.web.EndpointPathFilter.doFilter(EndpointPathFilter.java:47) at jdk.internal.reflect.GeneratedMethodAccessor34.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.base/java.lang.reflect.Method.invoke(Unknown Source) at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:223) at java.base/java.security.AccessController.doPrivileged(Unknown Source) at java.base/javax.security.auth.Subject.doAsPrivileged(Unknown Source) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:251) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:203) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162) at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:124) at java.base/java.security.AccessController.doPrivileged(Unknown Source) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:123) at org.sonar.server.platform.web.RequestIdFilter.doFilter(RequestIdFilter.java:66) at jdk.internal.reflect.GeneratedMethodAccessor34.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.base/java.lang.reflect.Method.invoke(Unknown Source) at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:223) at java.base/java.security.AccessController.doPrivileged(Unknown Source) at java.base/javax.security.auth.Subject.doAsPrivileged(Unknown Source) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:251) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:203) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162) at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:124) at java.base/java.security.AccessController.doPrivileged(Unknown Source) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:123) at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:65) at jdk.internal.reflect.GeneratedMethodAccessor34.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.base/java.lang.reflect.Method.invoke(Unknown Source) at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:223) at java.base/java.security.AccessController.doPrivileged(Unknown Source) at java.base/javax.security.auth.Subject.doAsPrivileged(Unknown Source) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:251) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:203) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162) at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:124) at java.base/java.security.AccessController.doPrivileged(Unknown Source) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:123) at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:115) at jdk.internal.reflect.GeneratedMethodAccessor34.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.base/java.lang.reflect.Method.invoke(Unknown Source) at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:223) at java.base/java.security.AccessController.doPrivileged(Unknown Source) at java.base/javax.security.auth.Subject.doAsPrivileged(Unknown Source) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:251) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:203) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:162) at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:124) at java.base/java.security.AccessController.doPrivileged(Unknown Source) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:123) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:483) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:268) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:397) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:905) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1741) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1190) at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63) at java.base/java.lang.Thread.run(Unknown Source) Caused by: java.lang.NoSuchMethodError: 'javax.servlet.http.HttpServletRequest org.sonar.api.server.authentication.OAuth2IdentityProvider$CallbackContext.getRequest()' at org.almrangers.auth.aad.AadIdentityProvider.onCallback(AadIdentityProvider.java:133) at org.almrangers.auth.aad.AadIdentityProvider.callback(AadIdentityProvider.java:123) at org.sonar.server.authentication.OAuth2CallbackFilter.handleOAuth2Provider(OAuth2CallbackFilter.java:87) at org.sonar.server.authentication.OAuth2CallbackFilter.handleProvider(OAuth2CallbackFilter.java:70) at org.sonar.server.authentication.OAuth2CallbackFilter.doFilter(OAuth2CallbackFilter.java:63) at org.sonar.server.platform.web.MasterServletFilter$JavaxFilterAdapter.doFilter(MasterServletFilter.java:194) at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:165) at org.sonar.server.platform.web.MasterServletFilter$HttpFilterChainAdapter.doFilter(MasterServletFilter.java:208) at org.sonar.server.authentication.DefaultAdminCredentialsVerifierFilter.doFilter(DefaultAdminCredentialsVerifierFilter.java:83) at org.sonar.server.platform.web.MasterServletFilter$JavaxFilterAdapter.doFilter(MasterServletFilter.java:194) at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:165) at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:126) at jdk.internal.reflect.GeneratedMethodAccessor34.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.base/java.lang.reflect.Method.invoke(Unknown Source) at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:223) at java.base/java.security.AccessController.doPrivileged(Unknown Source) at java.base/javax.security.auth.Subject.doAsPrivileged(Unknown Source) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:251) ... 141 common frames omitted ```

Topic		Replies	Views
SonarQube to Azure AD is failing with 401 error in logs SonarQube Server / Community Build authentication	2	634	January 11, 2022
Sonarqube AAD integration - Error Plugin Development sonarqube	1	80	February 18, 2025
Sonarqube -Azure AD Authentication successful but cant hit Sonarqube Page(dashboard) SonarQube Server / Community Build	4	461	September 4, 2020
SonarQube failed to login with aad-auth plugin 2.0.0 SonarQube Server / Community Build sonarqube	9	92	May 21, 2025
Azure AD Authentication Plug-in Issue SonarQube Server / Community Build azure	2	1321	May 22, 2019

AD Authentication fails issue with sonarqube 25.5.0.107428-community

Related topics