Delegation of authentication with Gitlab fails

jreimann · August 18, 2021, 8:56am

Hi Community,

I am trying to set up the ALM integration with SonarQube and Gitlab, both selfhostet on different servers. I created an App as specified an the documentation, but when I try to login, I get refused:

The error in the weblog is:

2021.08.17 22:20:42 WARN  web[AXtVvTPFrfsmD8xPAACT][o.s.s.a.AuthenticationError] Fail to callback authentication with 'gitlab'
java.lang.IllegalStateException: javax.net.ssl.SSLException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

Software overview

Gitlab CE, version 14.1.2, selfhosted, ssl certicate via let’s encrypt
SonarQube Developer Edition, version 9.0.1, selfhosted, ssl certicate via let’s encrypt
Server for SonarQube: Debian 9, minimal
Java: openjdk version “11.0.6” 2020-01-14, OpenJDK Runtime Environment (build 11.0.6+10-post-Debian-1bpo91), OpenJDK 64-Bit Server VM (build 11.0.6+10-post-Debian-1bpo91, mixed mode, sharing)

What I tried

I have come so far to understand, that the issue might be with the certificates. I tried to import the gitlab certificate into the keystore by creating a .cer-file with the certificate and then running this command (following this path):

keytool -importcert -file gitlabcertificate.cer -keystore keystore.jks -alias "Gitlab"

This command created a keystore.jks in the folder I was in (/opt). I thought, that this was not correct, so I run the command again without specifying a keystore:

keytool -importcert -file gitlabcertificate.cer

Now I can see in the logs, that the error still persists, but at the same time I see something related to my certificate activities:

2021.08.18 10:31:09 DEBUG web[AXtVvTPFrfsmD8xPAAHv][jdk.event.security] X509Certificate: Alg:SHA256withRSA, Serial:###, Subject:CN=###, Issuer:CN=###,
2021.08.18 10:31:09 DEBUG web[AXtVvTPFrfsmD8xPAAHv][jdk.event.security] X509Certificate: Alg:SHA256withRSA, Serial:###, Subject:CN=###, O=Let's Encrypt, C=##, Issuer:CN=###
2021.08.18 10:31:09 DEBUG web[AXtVvTPFrfsmD8xPAAHv][jdk.event.security] X509Certificate: Alg:SHA256withRSA, Serial:###, Subject:CN=### Root X1, O=###
2021.08.18 10:31:09 WARN  web[AXtVvTPFrfsmD8xPAAHv][o.s.s.a.AuthenticationError] Fail to callback authentication with 'gitlab'
java.lang.IllegalStateException: javax.net.ssl.SSLException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

I don’t know how to proceed here, I am lost. Does anyone know?

Best
Juliane

jreimann · August 19, 2021, 10:07am

So I found a solution myself. I just had to tell SonarQube which truststore to use. I did this via this config param:

sonar.web.javaAdditionalOpts=-Djavax.net.ssl.trustStore=<path-to-truststore> Djavax.net.ssl.trustStorePassword=<password>

ganncamp · August 19, 2021, 12:26pm

Hi,

Welcome to the community!

Congrats on finding your own answer & thank for posting it here for posterity!

Ann

system · August 26, 2021, 12:27pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.