Sonar-auth-oidc-plugin version compatibility

priyabelhekar · February 11, 2025, 8:38am

Current Version: sonarqube:10.7.0-community
Trying to deploy: sonarqube:25.1.0.102122-community

We use plugin sonar-auth-oidc-plugin in our Dockerfile: sonar-auth-oidc-plugin-2.1.1.jar - which is the latest available version here: GitHub - sonar-auth-oidc/sonar-auth-oidc: OpenID Connect (OIDC) Plugin for SonarQube

However when upgrading to ‘sonarqube:25.1.0.102122-community’ we get below error:

‘java.lang.IllegalStateException: Fail to load plugin OpenID Connect Authentication for SonarQube [authoidc]
at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:81)
at org.sonar.server.platform.platformlevel.PlatformLevel4.start(PlatformLevel4.java:753)
at org.sonar.server.platform.PlatformImpl.start(PlatformImpl.java:217)
at org.sonar.server.platform.PlatformImpl.startLevel34Containers(PlatformImpl.java:197)
at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.runIfNotAborted(PlatformImpl.java:365)
at org.sonar.server.platform.PlatformImpl$1.doRun(PlatformImpl.java:116)
at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.run(PlatformImpl.java:349)
at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.lang.NoClassDefFoundError: org/sonar/api/web/ServletFilter
at java.base/java.lang.ClassLoader.defineClass1(Native Method)
at java.base/java.lang.ClassLoader.defineClass(Unknown Source)
at java.base/java.security.SecureClassLoader.defineClass(Unknown Source)
at java.base/java.net.URLClassLoader.defineClass(Unknown Source)
at java.base/java.net.URLClassLoader$1.run(Unknown Source)
at java.base/java.net.URLClassLoader$1.run(Unknown Source)
at java.base/java.security.AccessController.doPrivileged(Unknown Source)
at java.base/java.net.URLClassLoader.findClass(Unknown Source)
at org.sonar.classloader.ClassRealm.loadClassFromSelf(ClassRealm.java:135)
at org.sonar.classloader.ParentFirstStrategy.loadClass(ParentFirstStrategy.java:37)
at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:97)
at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:86)
at org.vaulttec.sonarqube.auth.oidc.AuthOidcPlugin.define(AuthOidcPlugin.java:28)
at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:71)
… 7 common frames omitted
Caused by: java.lang.ClassNotFoundException: org.sonar.api.web.ServletFilter
at org.sonar.classloader.ParentFirstStrategy.loadClass(ParentFirstStrategy.java:39)
at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:97)
at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:86)’

Is the plugin not compatible with the latest release?

FredericSouchon · February 10, 2025, 2:23pm

Hi,

We were using authoidc plugin 2.1.1 on sonarqube 9. This version is still in the compatiblity matrix but while trying it with sonarqube community build 2025.1 or 2025.2 we get this failure stacktrace using the official docker hub image :

2025.02.10 14:17:59 ERROR web[][o.s.s.p.Platform] Background initialization failed. Stopping SonarQube
java.lang.IllegalStateException: Fail to load plugin OpenID Connect Authentication for SonarQube [authoidc]
        at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:81)
        at org.sonar.server.platform.platformlevel.PlatformLevel4.start(PlatformLevel4.java:760)
        at org.sonar.server.platform.PlatformImpl.start(PlatformImpl.java:217)
        at org.sonar.server.platform.PlatformImpl.startLevel34Containers(PlatformImpl.java:197)
        at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.runIfNotAborted(PlatformImpl.java:365)
        at org.sonar.server.platform.PlatformImpl$1.doRun(PlatformImpl.java:116)
        at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.run(PlatformImpl.java:349)
        at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.lang.NoClassDefFoundError: org/sonar/api/web/ServletFilter
        at java.base/java.lang.ClassLoader.defineClass1(Native Method)
        at java.base/java.lang.ClassLoader.defineClass(Unknown Source)
        at java.base/java.security.SecureClassLoader.defineClass(Unknown Source)
        at java.base/java.net.URLClassLoader.defineClass(Unknown Source)
        at java.base/java.net.URLClassLoader$1.run(Unknown Source)
        at java.base/java.net.URLClassLoader$1.run(Unknown Source)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at java.base/java.net.URLClassLoader.findClass(Unknown Source)
        at org.sonar.classloader.ClassRealm.loadClassFromSelf(ClassRealm.java:135)
        at org.sonar.classloader.ParentFirstStrategy.loadClass(ParentFirstStrategy.java:37)
        at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:97)
        at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:86)
        at org.vaulttec.sonarqube.auth.oidc.AuthOidcPlugin.define(AuthOidcPlugin.java:28)
        at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:71)
        ... 7 common frames omitted
Caused by: java.lang.ClassNotFoundException: org.sonar.api.web.ServletFilter
        at org.sonar.classloader.ParentFirstStrategy.loadClass(ParentFirstStrategy.java:39)
        at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:97)
        at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:86)
        ... 21 common frames omitted

any clue ?

Thx in advance

Colin · February 11, 2025, 9:48am

Hey y’all.

You may want to follow this open ticket on the GitHub Repo for this plugin: Compatibility with latest Sonarqube Community Build (Community Build v25.1.0.102122) · Issue #81 · sonar-auth-oidc/sonar-auth-oidc · GitHub

Meanwhile, @ganncamp, it sounds like we should update the support in the Marketplace.

ganncamp · February 11, 2025, 1:25pm

Hi,

Thanks for the ping Colin. I’ve updated the matrices.

Ann