Because of the log4f vulnerability, i upgraded our sonarqube server from 7.9.3 version to 8.9.6 version (community edition). On the 7.9.3 version everything worked well, but on the 8.9.6, gitlab accounts with 2 factors authentication enable can not log in. They have the following error: “You’re not authorized to access this page. Please contact the administrator. Reason: Failed to authenticate with login ‘fredow68’”
Gitlab account without 2FA enable can log in without trouble.
There is no error message in sonarqube log file. May be i missed something in the configuration …
Hello, did you remove the gitlab-auth plugin while upgrading? Your settings should have been migrated from the community plugin to the embedded SQ default implementation. Still worth to double-check here that everything is correct, and you can also check your Gitlab app’s allowed scope.
I checked on gitlab.com, using 1password as one-time-password provider, and did not have any issue.
Thanks for you answer. I think i found where my problem comes: the login between the gitlab community plugin and the embedded SQ default implementation is not the same. In the plugin, it was the gitlab login and in the sonarqube default implementation it’s something like full name with gitlab userid.
So after i removed the SQ users directly in the database (i did not find a way to remove user into the web application, only deactivate), everything works well.
