- SonarQube - 9.9.4.87374
- Configured SAML (with Azure AD) as follows:
SAML user login attribute - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
SAML user name attribute - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
SAML user email attribute - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
- Currently, we have local users in Sonar as follows:
Name: Hunnaid Vanak
Login: hunnaidv1@example.com
Email: hunnaidv1@example.com
- I am using this curl command to switch the authentication of this user to SAML as -
curl -X POST -u <token>: 'https://sonar-test.example.com/api/users/update_identity_provider?login=hunnaidv1@example.com&newExternalIdentity=hunnaidv1@example.com&newExternalProvider=saml'
This makes the switch, but the user cannot log in successfully.
Usecase - 2
When the same user tries to log in with SAML, a new account is created with the following details:
Name: Hunnaid Vanak
Login: hunnaid-vanak23421
Email: hunnaidv1@example.com
Usecase - 3
If I create a local user with the above details, providing login as hunnaid-vanak23421, and run the curl command to switch this user’s authentication to SAML as follows -
curl -X POST -u <token>: 'https://sonar-test.example.com/api/users/update_identity_provider?login=hunnaid-vanak23421&newExternalIdentity=hunnaidv1@example.com&newExternalProvider=saml'
This makes the switch to SAML and also allows the user to log in using SAML.
Question:
Is it not possible to make the switch to SAML successfully using login as hunnaidv1@example.com without needing to provide a randomly generated login?
Let me know if you need any further information.