Login should not start with .-_@


after Upgrading to 9.9 from 8.9, we face the following issue when creating users that starts with _:

2023.01.13 15:18:21 ERROR web[AYVy0mE3hmbIVM1LDe8x][o.s.s.a.CredentialsExternalAuthentication] 
Error during authentication org.sonar.server.exceptions.BadRequestException: Login should not start with .-_@

This is a result of SONAR-17291 where this limitation was introduced.

Is there any reasoning for this limitation? All our technical users are prefixed with _. Already existing users with a _ prefix are still able to login. So this only applies to new users being created.

System information:

  • SonarQube Community Edition:
  • External User Authentication: Crowd
  • Database: Oracle
  • java.runtime.name: OpenJDK Runtime Environment
  • java.runtime.version: 17.0.6+10-LTS
  • OS: SUSE Linux Enterprise Server 12 SP5 / Kernel 4.12.14-122.133-default

Hi Dennis, thanks for the feedback.

After examining this ticket and the corresponding code, it is due to a misunderstanding of the tickets.

I created a ticket to fix it : SONAR-18573

the fix is done and available in version 10.0.

Thank you! Any chance for a LTS backport?