SAML for authentication, LDAP for authorization


we are currently running the latest LTS 8 but plan to switch to 9 anyways because of the missing JDK 17 support in 8.

Our internally developed SAML IdP is able to enforce MFA which we want to use. However it does not provide any group information so we may not use it for authorization.
In e.g. GitLab “groups” may be taken from LDAP which there is not used for authentication but only for authorization.
Is something similar possible in SonarQube as well?

Best Regards

Hey there.

This is not possible. All user data (including groups) must come from a single source of delegated authentication.

Hi @Colin, thanks for the quick answer. Then we must look into a workaround somehow.