Gitlab auth callback gives You're not authorized to access this page

dev-krisna · June 4, 2020, 10:17am

Trying to accomplish:
Login with private gitlab account to sonarqube enterprise 7.9.3

Using

SonarQube Enterprise 7.9.3
Gitlab CE 10.7.4
GitLab Auth plugin 1.3.2 (installed from the marketplace)

What I’ve done

I installed sonarqube enterprise 7.9.3 and gitlab auth plugin 1.3.2 from the marketplace and I already set the configuration like this readme https://github.com/gabrie-allaigre/sonar-auth-gitlab-plugin/blob/master/README.md

Issue
After I set the configuration like the readme I mention above and tried to login from gitlab auth I got error "you’re not authorized” and the web.log gives me this:

2020.06.04 08:02:49 WARN  web[AXJ+WpgBM2/X1KZ9AAAT][o.s.s.a.AuthenticationError] Fail to callback authentication with 'gitlab'
com.github.scribejava.core.exceptions.OAuthConnectionException: There was a problem while creating a connection to the remote service: https://my-private-gitlab.com/oauth/token
	at com.github.scribejava.core.model.OAuthRequest.send(OAuthRequest.java:39)
	at com.github.scribejava.core.oauth.OAuth20ServiceImpl.getAccessToken(OAuth20ServiceImpl.java:36)
	at com.talanlabs.sonar.plugins.gitlab.auth.GitLabIdentityProvider.callback(GitLabIdentityProvider.java:102)
	at org.sonar.server.authentication.OAuth2CallbackFilter.handleOAuth2Provider(OAuth2CallbackFilter.java:102)
	at org.sonar.server.authentication.OAuth2CallbackFilter.handleProvider(OAuth2CallbackFilter.java:78)
	at org.sonar.server.authentication.OAuth2CallbackFilter.doFilter(OAuth2CallbackFilter.java:71)
	at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:126)
	at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:95)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:87)
	at org.sonar.server.user.UserSessionFilter.doFilter(UserSessionFilter.java:71)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:76)
	at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:58)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.requestid.RequestIdFilter.doFilter(RequestIdFilter.java:63)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
	at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:806)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.net.ssl.SSLException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
	at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:320)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:263)
	at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:258)
	at java.base/sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1314)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:408)
	at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
	at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1362)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1337)
	at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:246)
	at com.github.scribejava.core.model.OAuthRequest.addBody(OAuthRequest.java:82)
	at com.github.scribejava.core.model.OAuthRequest.doSend(OAuthRequest.java:55)
	at com.github.scribejava.core.model.OAuthRequest.send(OAuthRequest.java:37)
	... 49 common frames omitted

Am I missing something or how do I solve it?

Prior to this I already tried when using the gitlab auth plugin version 1.3.2 with the same private gitlab but with sonarqube comunnity version 6.7.5 and it works well I can login with gitlab auth.

Thanks,

Regards
Ahmad Krisnanda

pierreguillot · June 4, 2020, 10:33am

Hi, the relevant piece of information is here:

So it looks like you have an issue with your GitLab SSL certificate.

Please note that the GitLab Auth plugin was created by the community, and is not maintained anymore. In SonarQube 8, GitLab authentication is supported natively, without requiring a plugin.