Mapping existing users with SAML plugin

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube sonarqube-8.2.0
    sonar-auth-saml-8.2.0 (integrated)
  • what are you trying to achieve
    Users authorized with SAML should have the same permission

After configuring the SAML plugin I see that it creates a new user (e.g. Login: levin-yury55206 [SAML| yury.levin).
Is there any way/configuration to not create a user if it already exists (mapping user/permission)?

Hello,

A SAML user will match only if the existing user login matches precisely (case included, IIRC). So if your existing user login is levin-yury55206 and its SAML one is yury.levin, that’s not a match.

There is no official way to overcome this, but here are some ideas:

  • change logins on your SAML provider maybe? Some providers allow managing custom fields, so what you could do is to have one to put the SQ login, and make it available in the SAML response. This might solve your immediate situation, but could be a bit painful in the long term, especially for new users (you have to fill in this custom field).
  • accept recreating new users and manage them as is from here (knowing that group assignment and user creation are automatic if you use SAML). If you don’t have so many users, I’d recommend this.
  • alter the SQ database to change logins and make them match SAML ones. Ofc this must be handled with all required care (database backup, test first, do it on a few users first, etc.). Note that this is not necessarily less work than #2

I hope this will help.

Thank you for the reply.

The user login (external_login in the DB) comes identical from LDAP and SAML. But SAML created a separate login, e.g. levin-yury55206. A lot of projects, templates and groups have permissions configured based on existing users.

If I understood correctly, there is no way to map SAML user permissions to an existing one (it is a separate user). Is that correct?