New install of Enterprise, default admin login not working

SonarQube
1

Hi. A green-field fresh install is not letting me in with the default admin credentials. All that happens is the login form redisplays. I’ve turned on “DEBUG” logging and am not really seeing anything helpful in the logs. Any assistance would be great.

Version: Enterprise 8.9.2.46101
Other details:

  • RHEL 8 with PostgreSQL 13 database and Apache httpd 2.4 reverse proxy in front of it.
  • sonar.web.host=127.0.0.1
  • Apache httpd config for now (have also tried something more like your example in “Operating the server”)
<VirtualHost *:80>
  ServerName squbedev1.our.org
  LogLevel warn
  <Proxy *>
    Require all granted
  </Proxy>
   ProxyPreserveHost On
   ProxyPass / http://127.0.0.1:9000/
   ProxyPassReverse / http://127.0.0.1:9000/
</VirtualHost>

sonar.20211013.log shows things are up and the default admin password is in use:

2021.10.13 10:56:00 WARN  app[][startup] Default Administrator credentials are still being used. Make sure to change the password or deactivate the account.
...
2021.10.13 10:56:27 INFO  app[][o.s.a.SchedulerImpl] Process[ce] is up
2021.10.13 10:56:27 DEBUG app[][o.s.a.p.ManagedProcessLifecycle] EventWatcher[ce] tryToMoveTo es from STARTED to STARTING => false
2021.10.13 10:56:27 DEBUG app[][o.s.a.p.ManagedProcessLifecycle] EventWatcher[ce] tryToMoveTo web from STARTED to STARTING => false
2021.10.13 10:56:27 DEBUG app[][o.s.a.p.ManagedProcessLifecycle] EventWatcher[ce] tryToMoveTo ce from STARTED to STARTING => false
2021.10.13 10:56:27 DEBUG app[][o.s.a.NodeLifecycle] EventWatcher[ce] tryToMoveTo from STARTING to OPERATIONAL => true
2021.10.13 10:56:27 INFO  app[][o.s.a.SchedulerImpl] SonarQube is up

I visit the front page, use admin and admin. I see a “Loading…” for 1 second and the page refreshes to show me the login page again with no error, no info. The following is generated from all of that.

access.log:

127.0.0.1 - - [13/Oct/2021:10:57:38 -0400] "GET / HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" "AXx6KKztvNPjvXb+AAAA"
127.0.0.1 - - [13/Oct/2021:10:57:39 -0400] "GET /api/users/current HTTP/1.1" 401 - "http://squbedev1.our.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" "AXx6KKztvNPjvXb+AAAC"
127.0.0.1 - - [13/Oct/2021:10:57:39 -0400] "GET /api/navigation/global HTTP/1.1" 401 - "http://squbedev1.our.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" "AXx6KKztvNPjvXb+AAAD"
127.0.0.1 - - [13/Oct/2021:10:57:39 -0400] "GET /api/l10n/index?locale=en-US&ts=2021-10-13T14%3A51%3A44%2B0000 HTTP/1.1" 200 - "http://squbedev1.our.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" "AXx6KKztvNPjvXb+AAAB"
127.0.0.1 - - [13/Oct/2021:10:57:39 -0400] "GET /sessions/new?return_to=%2F HTTP/1.1" 200 - "http://squbedev1.our.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" "AXx6KKztvNPjvXb+AAAE"
127.0.0.1 - - [13/Oct/2021:10:57:39 -0400] "GET /api/navigation/global HTTP/1.1" 401 - "http://squbedev1.our.org/sessions/new?return_to=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" "AXx6KKztvNPjvXb+AAAF"
127.0.0.1 - - [13/Oct/2021:10:57:39 -0400] "GET /api/l10n/index?locale=en-US&ts=2021-10-13T14%3A51%3A44%2B0000 HTTP/1.1" 200 - "http://squbedev1.our.org/sessions/new?return_to=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" "AXx6KKztvNPjvXb+AAAG"
127.0.0.1 - - [13/Oct/2021:10:57:39 -0400] "GET /api/users/identity_providers HTTP/1.1" 200 24 "http://squbedev1.our.org/sessions/new?return_to=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" "AXx6KKztvNPjvXb+AAAH"
127.0.0.1 - - [13/Oct/2021:10:58:23 -0400] "POST /api/authentication/login HTTP/1.1" 200 - "http://squbedev1.our.org/sessions/new?return_to=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" "AXx6KKztvNPjvXb+AAAI"
127.0.0.1 - - [13/Oct/2021:10:58:23 -0400] "GET / HTTP/1.1" 200 - "http://squbedev1.our.org/sessions/new?return_to=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" "AXx6KKztvNPjvXb+AAAJ"
127.0.0.1 - - [13/Oct/2021:10:58:24 -0400] "GET /api/l10n/index?locale=en-US&ts=2021-10-13T14%3A57%3A39%2B0000 HTTP/1.1" 304 - "http://squbedev1.our.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" "AXx6KKztvNPjvXb+AAAK"
127.0.0.1 - - [13/Oct/2021:10:58:24 -0400] "GET /api/users/current HTTP/1.1" 401 - "http://squbedev1.our.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" "AXx6KKztvNPjvXb+AAAL"
127.0.0.1 - - [13/Oct/2021:10:58:24 -0400] "GET /api/navigation/global HTTP/1.1" 401 - "http://squbedev1.our.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" "AXx6KKztvNPjvXb+AAAM"
127.0.0.1 - - [13/Oct/2021:10:58:24 -0400] "GET /sessions/new?return_to=%2F HTTP/1.1" 200 - "http://squbedev1.our.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" "AXx6KKztvNPjvXb+AAAN"
127.0.0.1 - - [13/Oct/2021:10:58:24 -0400] "GET /api/l10n/index?locale=en-US&ts=2021-10-13T14%3A58%3A24%2B0000 HTTP/1.1" 304 - "http://squbedev1.our.org/sessions/new?return_to=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" "AXx6KKztvNPjvXb+AAAP"
127.0.0.1 - - [13/Oct/2021:10:58:24 -0400] "GET /api/navigation/global HTTP/1.1" 401 - "http://squbedev1.our.org/sessions/new?return_to=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" "AXx6KKztvNPjvXb+AAAO"
127.0.0.1 - - [13/Oct/2021:10:58:24 -0400] "GET /api/users/identity_providers HTTP/1.1" 200 24 "http://squbedev1.our.org/sessions/new?return_to=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" "AXx6KKztvNPjvXb+AAAQ"

web.log:

2021.10.13 10:57:38 DEBUG web[AXx6KKztvNPjvXb+AAAA][auth.event] login failure [cause|User must be authenticated][method|BASIC][provider|LOCAL|local][IP|127.0.0.1|10.12.113.148][login|]
2021.10.13 10:57:39 DEBUG web[AXx6KKztvNPjvXb+AAAC][auth.event] login failure [cause|User must be authenticated][method|BASIC][provider|LOCAL|local][IP|127.0.0.1|10.12.113.148][login|]
2021.10.13 10:57:39 DEBUG web[AXx6KKztvNPjvXb+AAAD][auth.event] login failure [cause|User must be authenticated][method|BASIC][provider|LOCAL|local][IP|127.0.0.1|10.12.113.148][login|]
2021.10.13 10:57:39 DEBUG web[AXx6KKztvNPjvXb+AAAF][auth.event] login failure [cause|User must be authenticated][method|BASIC][provider|LOCAL|local][IP|127.0.0.1|10.12.113.148][login|]
2021.10.13 10:58:23 DEBUG web[AXx6KKztvNPjvXb+AAAI][auth.event] login success [method|FORM][provider|LOCAL|local][IP|127.0.0.1|10.12.113.148][login|admin]
2021.10.13 10:58:23 DEBUG web[AXx6KKztvNPjvXb+AAAJ][auth.event] login failure [cause|User must be authenticated][method|BASIC][provider|LOCAL|local][IP|127.0.0.1|10.12.113.148][login|]
2021.10.13 10:58:24 DEBUG web[AXx6KKztvNPjvXb+AAAL][auth.event] login failure [cause|User must be authenticated][method|BASIC][provider|LOCAL|local][IP|127.0.0.1|10.12.113.148][login|]
2021.10.13 10:58:24 DEBUG web[AXx6KKztvNPjvXb+AAAM][auth.event] login failure [cause|User must be authenticated][method|BASIC][provider|LOCAL|local][IP|127.0.0.1|10.12.113.148][login|]
2021.10.13 10:58:24 DEBUG web[AXx6KKztvNPjvXb+AAAO][auth.event] login failure [cause|User must be authenticated][method|BASIC][provider|LOCAL|local][IP|127.0.0.1|10.12.113.148][login|]

Apache httpd access_log:

10.12.113.148 - - [13/Oct/2021:11:24:02 -0400] "POST /api/authentication/login HTTP/1.1" 200 - "http://squbedev1.our.org/sessions/new?return_to=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" /api/authentication/login -
10.12.113.148 - - [13/Oct/2021:11:24:03 -0400] "GET / HTTP/1.1" 200 8641 "http://squbedev1.our.org/sessions/new?return_to=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" / -
10.12.113.148 - - [13/Oct/2021:11:24:03 -0400] "GET /api/l10n/index?locale=en-US&ts=2021-10-13T15%3A23%3A51%2B0000 HTTP/1.1" 304 - "http://squbedev1.our.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" /api/l10n/index -
10.12.113.148 - - [13/Oct/2021:11:24:03 -0400] "GET /api/users/current HTTP/1.1" 401 - "http://squbedev1.our.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" /api/users/current -
10.12.113.148 - - [13/Oct/2021:11:24:03 -0400] "GET /api/navigation/global HTTP/1.1" 401 - "http://squbedev1.our.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" /api/navigation/global -
10.12.113.148 - - [13/Oct/2021:11:24:03 -0400] "GET /sessions/new?return_to=%2F HTTP/1.1" 200 8641 "http://squbedev1.our.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" /sessions/new -
10.12.113.148 - - [13/Oct/2021:11:24:03 -0400] "GET /api/navigation/global HTTP/1.1" 401 - "http://squbedev1.our.org/sessions/new?return_to=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" /api/navigation/global -
10.12.113.148 - - [13/Oct/2021:11:24:03 -0400] "GET /api/l10n/index?locale=en-US&ts=2021-10-13T15%3A24%3A03%2B0000 HTTP/1.1" 304 - "http://squbedev1.our.org/sessions/new?return_to=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" /api/l10n/index -
10.12.113.148 - - [13/Oct/2021:11:24:03 -0400] "GET /api/users/identity_providers HTTP/1.1" 200 24 "http://squbedev1.our.org/sessions/new?return_to=%2F" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" /api/users/identity_providers -
2

Hi,

You haven’t delegated authentication, have you?

BTW, the docs cover resetting the admin password.

 
Ann

3

Hi Ann. No, we’ve not yet delegated authentication. I’m going small step by small step with this new green-field instance and stopped when I could not get in as admin/admin per the docs (which, yes, if I could get in, I would reset). The entirety of sonar.properties is:

sonar.jdbc.username=REDACTED
sonar.jdbc.password=REDACTED
sonar.jdbc.url=jdbc:postgresql://localhost/sonar
sonar.web.javaOpts=-Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -server
sonar.web.host=127.0.0.1
sonar.log.level.app=DEBUG
sonar.log.level.web=DEBUG
sonar.log.level.ce=DEBUG
sonar.log.level.es=INFO
4

And though it should not be necessary at this point, I did just now use the admin password reset instructions and the result is the same: I end up right back at the login form.

5

Hi,

2021.10.13 10:56:00 WARN  app[][startup] Default Administrator credentials are still being used. Make sure to change the password or deactivate the account.

Guess you will have to change the default admin password first.
https://jira.sonarsource.com/browse/SONAR-14175

Gilbert

6

Hi @jblaine,

When I look through some of the other threads about being redirected to the login page, the HTTPOnly cookie flag seems to be a key element. Do you have a proxy involved that might be altering/blocking the cookie? Are you using a web context other than the default? Can you try logging in in an incognito/private session?

 
Ann

7

Ann, the web context is the default. An incognito window in Chrome bought me nothing. I cannot imagine we have any proxy involved that is altering/blocking a HTTPOnly cookie. I can login with the local admin account just fine on our other Community Edition 8.x server using this same browser. :man_shrugging:t3:

8

This is what curl -o foo -I -v --basic --user admin:admin -L http://squbedev1.our.org returns. It’s trying to send me to the reset_password page but I never get there?

...
* Connection #0 to host squbedev1.our.org left intact
* Issue another request to this URL: 'http://squbedev1.our.org/account/reset_password'
* Found bundle for host squbedev1.our.org: 0x1bb7fb0
* Re-using existing connection! (#0) with host squbedev1.our.org
* Connected to squbedev1.our.org (10.20.1.149) port 80 (#0)
* Server auth using Basic with user 'admin'
> HEAD /account/reset_password HTTP/1.1
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.29.0
> Host: squbedev1.our.org
> Accept: */*
>
< HTTP/1.1 200
< Date: Wed, 13 Oct 2021 19:37:01 GMT
< Server: Apache
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Strict-Transport-Security: max-age=0; includeSubDomains; preload
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Cache-Control: no-cache, no-store, must-revalidate
< vary: accept-encoding
< Content-Type: text/html;charset=utf-8
< Transfer-Encoding: chunked
9

Thanks for the replies. This has been solved by duplicating the entirety of our Apache httpd configuration that is working for our Community Edition instance. Unfortunately, I am not quite sure what the exact issue was but am moving on.

1 Like
10

@ganncamp, circling back on this because I hit this problem again, yes, the following security-centric Apache httpd 2.4+ configuration line related to cookie handling is what breaks things if it is in place:

Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

1 Like
11

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.