Problems accessing with Gitlab to the Dashboard: You're not authorized to access this page

Hi,

I’m trying to login to the dashboard with Gitlab. I have followed:

GitLab Authentication

You can delegate authentication to GitLab using a dedicated GitLab OAuth application.

Create a GitLab OAuth application from your GitLab account. Click here for general instructions.

  1. In the Name text box, name your app SonarQube.
  2. In the Redirect URI text box, enter your SonarQube URL with the path /oauth2/callback/gitlab/ . For example, https://YourSonarQubeURL.com/oauth2/callback/gitlab/ .
  3. Under Scopes , select api .

After saving your application, GitLab gives you your Application ID and Secret . Keep these at hand, open your SonarQube instance, and navigate to Administration > Configuration > General Settings > Security to finish setting up GitLab authentication:

  1. Set Enabled to true .
  2. Enter the Application ID provided by GitLab in the Application ID text box.
  3. Enter the Secret provided by GitLab in the Secret text box.

On the login form, the new “Log in with GitLab” button allows users to connect with their GitLab accounts.

But after pressing the login button redirecting me to gitlab and trying to enter, dashboard says: You’re not authorized to access this page. Contact the administrator.

Thank you very much for you help.

PD: It’s my first post if you need more info don’t hesitate to contact me.

Hey!

A heads up that there’s a known bug in the documentation related to the Redirect URI. It should be https://YourSonarQubeURL.com/oauth2/callback/gitlab instead of https://YourSonarQubeURL.com/oauth2/callback/gitlab/ (omitting the final slash). This documentation error will be addressed in the next version of SonarQube.

Any chance that correcting this URL in the Gitlab application addresses the issue?

Best regards,

Colin

Hi,
Thanks for the suggestion, I saw it on another thread and is not the case here. The url I have is: https://MyDomain.com/oauth2/callback/gitlab

Did you enabled group sync ? Is it possible that once logged in with gitlab, you are successfully authenticated but have no permission to browse projects ?

You can check this by login with the admin credentials, and go to Administration, Security, Users, and check that a user was created from gitlab.

Thanks for the heads-up. Next stop should be your web.log file in your */logs/*directory to see if it’s throwing an error inside (perhaps not exactly the same as this one, but similar)

2019.11.25 13:17:08 WARN  web[AW6Ehd9FjzGMbYPqAAmP][o.s.s.a.AuthenticationError] Fail to callback authentication with 'gitlab'
java.lang.IllegalArgumentException: Cannot encode null object
	at com.github.scribejava.core.utils.Preconditions.check(Preconditions.java:49)
	at com.github.scribejava.core.utils.Preconditions.checkNotNull(Preconditions.java:19)
	at com.github.scribejava.core.utils.OAuthEncoder.encode(OAuthEncoder.java:26)

Hi guys,

First, I have checked users in Administration, Security, Users, and none is created from Gitlab.

Secondly, browsing into web.log in debug mode i have the next output:

 2019.11.25 12:38:43 DEBUG web[AW6ij26yeeVAJIw+AAA4][s.n.w.p.h.HttpURLConnection] sun.net.www.MessageHeader@5c78c78c8 pairs: {POST //oauth/token HTTP/1.1: null}{Authorization: Basic MTc4OGZhZDI4NzJmZTBlMzViODk3NjYyYzBhY2MwNzUyMGY3MGU2YmI1NWUwZGU1NmZmOTk0NjA5ZmVjZTljNDo0N2RhYjI3ZjhkODZkZjYzMzM4MzdhZmNlOGRjOGIyZmU4NGMwNmI3NDQ5YWQ5NTU5NjZjYWQ0Y2E1MWQ0YzE4}{Content-Type: application/x-www-form-urlencoded}{User-Agent: SonarQube 8.0.0.29455 # 32FADB56-AW3VcjXFRdKZ1m2JCZno Java/11.0.4}{Host: gitlab.com}{Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2}{Connection: keep-alive}{Content-Length: 175}
2019.11.25 12:38:43 DEBUG web[AW6ij26yeeVAJIw+AAA4][s.n.w.p.h.HttpURLConnection] sun.net.www.MessageHeader@45d2ad524 pairs: {null: HTTP/1.1 308 Permanent Redirect}{Content-length: 0}{Location: https://gitlab.com/oauth/token}{Connection: close}
2019.11.25 12:38:43 WARN  web[AW6ij26yeeVAJIw+AAA4][o.s.s.a.AuthenticationError] Fail to callback authentication with 'gitlab'
java.lang.IllegalArgumentException: Response body is incorrect. Can't extract a token from an empty string

Interesting. Did you happen to change the GitLab URL in the SonarQube settings? If so, to what?

Your error shows:

POST //oauth/token HTTP/1.1

And that extra slash at the beginning of //oauth/token seems suspcious.

I don’t know why I had changed the default gitlab url with: https://gitlab.com/
Note the final slash That is causing this error and didn’t notice it. What a stupid mistake for my part.

I’m very grateful to you I have been stuck here for hours…

Don’t beat yourself up about it. There might be some additional validation of the URL that should be done on SonarQube’s side. I’ll ping internally. Glad you’ve got it sorted!

2 posts were split to a new topic: Delegate authentication to GitLab with a custom SSL certificate