Must-share information (formatted with Markdown):
- which versions are you using
SonarQube Server Enterprise Edition 9.9 LTA
SonarQube Community v25.3.0.104237 - how is SonarQube deployed: zip, Docker, Helm
Zip-based installation - what are you trying to achieve
Enable SAML authentication with Azure AD, including group synchronization - what have you tried so far to achieve this
SAML authentication for individual users works perfectly.
Group used for sync already exists in SonarQube.
Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)! - Issue Description
Group synchronization causes unexpected behavior in attribute mapping.
When the group attribute is not configured, the “Test Configuration” shows correctly parsed user data:
Working
SAML Authentication Test
success
Available attributes
| name | Ann Lee |
|---|---|
| ann.lee@example.com | |
| username | ann.lee |
Attribute mappings
| User name value | Ann Lee |
|---|---|
| User email value | ann.lee@example.com |
| User login value | ann.lee |
However, once the group attribute is added, the other attributes (name, email, username) are no longer resolved correctly and are instead treated as literal strings:
Broken
SAML Authentication Test
success
Available attributes
| name | name |
|---|---|
| username | username |
| group | 463297316424-RL-Administrator 922631523672-RL-Administrator 549515951151-RL-Administrator 479592264783-RL-Administrator |
Attribute mappings
| User name value | name |
|---|---|
| Groups value | 463297316424-RL-Administrator 922631523672-RL-Administrator 549515951151-RL-Administrator 479592264783-RL-Administrator |
| User email value | |
| User login value | username |
Any hint for it? Thank you!
Best Regards,
Lu Wang