Groups not synchronizing in SAML delegated login

Must-share information (formatted with Markdown):

  • SonarQube 7.9.1.27448 w/ SAML 2.0 plugin 1.1.0 (build 181)
  • I can’t get the groups returned from login to map to groups in SonarQube
  • login works, but SAML request has the groups under the “groups” attribute

Is there a trick or limitation in getting the groups to map? Otherwise the delegation is working fine.

Hm. Assuming you have the SAML group attribute set to the correct value in your SonarQube-side settings, I would expect the information to be syncing. Can you check that?

The other thing worth checking – do the groups already exist in SonarQube? That is a prerequisite for group membership to start syncing.

From the docs:

  • membership in a group is synched only if a group with the same name exists in SonarQube

Yes the groups are there, but maybe I am making assumptions. I get back about 12 groups and they look like
```xml
<saml:Attribute
    Name="groups"
    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
  <saml:AttributeValue
      xsi:type="xs:string"
      xmlns:xs="http://www.w3.org/2001/XMLSchema"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    CN=ctct-autobots,
    OU=GroupsSyncedFromGoogle,
    OU=ServiceControlGroups,
    OU=ControlAccounts,
    DC=corp,
    DC=spagetti,
    DC=com
  </saml:AttributeValue>
  <saml:AttributeValue …
```
Is the group the whole value or just the CN value?

Simplified the value for the groups coming back to be the value of CN. It works now exactly as wanted.

Glad you got it sorted!
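
An added example, not part of the thread and not SonarQube or plugin code: a check that reads the `groups` attribute from a captured assertion and reports which values equal an existing SonarQube group name and which only match after reduction to the leading CN, the mismatch resolved above. The sample XML, the group names and the function names are constructed for illustration, and exact string comparison is an assumption.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample shaped like the attribute posted in the thread.
SAMPLE = r"""<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="groups">
    <saml:AttributeValue>CN=ctct-autobots,
      OU=GroupsSyncedFromGoogle,DC=corp,DC=spagetti,DC=com</saml:AttributeValue>
    <saml:AttributeValue>sonar-users</saml:AttributeValue>
    <saml:AttributeValue>CN=Ops\, Tier 2,OU=ControlAccounts,DC=corp,DC=spagetti,DC=com</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

def group_values(xml_text, attr_name="groups"):
    """Return the whitespace-normalised values of the named SAML attribute."""
    # Diagnostic use on a saved assertion only; this does not verify signatures.
    root = ET.fromstring(xml_text)
    values = []
    for attr in root.iter("{%s}Attribute" % NS["saml"]):
        if attr.get("Name") == attr_name:
            for val in attr.findall("saml:AttributeValue", NS):
                values.append(" ".join((val.text or "").split()))
    return values

def first_cn(value):
    """Return the CN of the leading RDN if value looks like a DN, else None."""
    # Split on commas that are not backslash-escaped (hex escapes not handled).
    rdn = re.split(r"(?<!\\),", value, maxsplit=1)[0].strip()
    key, sep, name = rdn.partition("=")
    if sep and key.strip().upper() == "CN":
        return re.sub(r"\\(.)", r"\1", name.strip())
    return None

def diagnose(xml_text, sonarqube_groups):
    """Map each IdP value to 'match', 'dn-only' (CN matches) or 'missing'."""
    report = {}
    for value in group_values(xml_text):
        if value in sonarqube_groups:
            report[value] = "match"
        elif first_cn(value) in sonarqube_groups:
            report[value] = "dn-only"
        else:
            report[value] = "missing"
    return report

if __name__ == "__main__":
    for value, status in diagnose(SAMPLE, {"ctct-autobots", "sonar-users"}).items():
        print(f"{status:8} {value}")
```

A `dn-only` result means the IdP is sending a full distinguished name while the SonarQube group is named after the CN alone, so the attribute mapping on the IdP side needs to emit the short name.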