SAML syncing groups with AD is not working

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)

    • SonarQube Community Edition
  • what are you trying to achieve

    • Synchronizing SonarQube Groups with Active Directory Groups
  • what have you tried so far to achieve this

    • SAML configuration is done and user can log in successfully
    • Created a group with the exact same name in the domain as well as in SonarQube
      • Inserted my account into the AAD group as a member (SonarQube group left empty)
    • Added “SAML group attribute” as found in web.log
      • btw. tried other values, but all result in "List of groups returned by the identity provider '[]'"
      • Using “” results in the web.log as:
        "List of groups returned by the identity provider '[]'"
        • SonarQube group is still empty
        • Calling the graph-url directly, error:
        <message xml:lang="en">The specified api-version is invalid. The value must exactly match a supported version.</message>

Anyone any idea what to try or where to investigate next?

Hey there.

Unless your group name in SonarQube is, exactly, SonarQube isn’t doing any additional parsing to find out what that group actually is in AD. You’ll need to work with your Identity Provider to make sure a proper list of groups (Group_A, Group_B) is being returned.
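
An added example, not part of the thread and not SonarQube code: a small diagnostic that decodes a captured base64 `SAMLResponse` (the form field the IdP posts back to the browser), lists every attribute it carries, and reports whether the configured group attribute is present and whether any value equals a SonarQube group name. The sample response, its values and the function names are constructed for illustration, exact case-sensitive matching is an assumption, and nothing here verifies signatures.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Constructed sample: a trimmed, unsigned SAML response with made-up values.
SAMPLE_XML = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion><saml:AttributeStatement>
    <saml:Attribute Name="login"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{GROUPS_CLAIM}">
      <saml:AttributeValue>00000000-0000-0000-0000-00000000000a</saml:AttributeValue>
      <saml:AttributeValue>Group_A</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def attribute_values(saml_response_b64):
    """Map each Attribute Name in the response to its list of values."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), []).extend(values)
    return found


def diagnose(saml_response_b64, group_attribute, sonarqube_groups):
    """Report whether the group attribute is present and which values match."""
    attrs = attribute_values(saml_response_b64)
    received = attrs.get(group_attribute, [])
    matched = [g for g in received if g in sonarqube_groups]  # exact, case-sensitive
    if group_attribute not in attrs:
        status = "attribute-missing"  # nothing under that name: group list is empty
    elif not matched:
        status = "no-name-match"      # values were sent, none equals a group name
    else:
        status = "ok"
    return {"status": status, "available_attributes": sorted(attrs),
            "received": received, "matched": matched}


if __name__ == "__main__":
    print(diagnose(SAMPLE_B64, "groups", {"Group_A"}))      # wrong attribute name
    print(diagnose(SAMPLE_B64, GROUPS_CLAIM, {"Group_A"}))  # attribute name as sent
```

`available_attributes` in the result shows the attribute names the IdP actually sent, which is the value to compare against the "SAML group attribute" setting.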