Sonar-auth-oidc-plugin version compatibility

priyabelhekar · February 11, 2025, 8:38am

Current Version: sonarqube:10.7.0-community
Trying to deploy: sonarqube:25.1.0.102122-community

We use plugin sonar-auth-oidc-plugin in our Dockerfile: sonar-auth-oidc-plugin-2.1.1.jar - which is the latest available version here: GitHub - sonar-auth-oidc/sonar-auth-oidc: OpenID Connect (OIDC) Plugin for SonarQube

However when upgrading to ‘sonarqube:25.1.0.102122-community’ we get below error:

‘java.lang.IllegalStateException: Fail to load plugin OpenID Connect Authentication for SonarQube [authoidc]
at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:81)
at org.sonar.server.platform.platformlevel.PlatformLevel4.start(PlatformLevel4.java:753)
at org.sonar.server.platform.PlatformImpl.start(PlatformImpl.java:217)
at org.sonar.server.platform.PlatformImpl.startLevel34Containers(PlatformImpl.java:197)
at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.runIfNotAborted(PlatformImpl.java:365)
at org.sonar.server.platform.PlatformImpl$1.doRun(PlatformImpl.java:116)
at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.run(PlatformImpl.java:349)
at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.lang.NoClassDefFoundError: org/sonar/api/web/ServletFilter
at java.base/java.lang.ClassLoader.defineClass1(Native Method)
at java.base/java.lang.ClassLoader.defineClass(Unknown Source)
at java.base/java.security.SecureClassLoader.defineClass(Unknown Source)
at java.base/java.net.URLClassLoader.defineClass(Unknown Source)
at java.base/java.net.URLClassLoader$1.run(Unknown Source)
at java.base/java.net.URLClassLoader$1.run(Unknown Source)
at java.base/java.security.AccessController.doPrivileged(Unknown Source)
at java.base/java.net.URLClassLoader.findClass(Unknown Source)
at org.sonar.classloader.ClassRealm.loadClassFromSelf(ClassRealm.java:135)
at org.sonar.classloader.ParentFirstStrategy.loadClass(ParentFirstStrategy.java:37)
at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:97)
at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:86)
at org.vaulttec.sonarqube.auth.oidc.AuthOidcPlugin.define(AuthOidcPlugin.java:28)
at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:71)
… 7 common frames omitted
Caused by: java.lang.ClassNotFoundException: org.sonar.api.web.ServletFilter
at org.sonar.classloader.ParentFirstStrategy.loadClass(ParentFirstStrategy.java:39)
at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:97)
at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:86)’

Is the plugin not compatible with the latest release?

FredericSouchon · February 10, 2025, 2:23pm

Hi,

We were using authoidc plugin 2.1.1 on sonarqube 9. This version is still in the compatiblity matrix but while trying it with sonarqube community build 2025.1 or 2025.2 we get this failure stacktrace using the official docker hub image :

2025.02.10 14:17:59 ERROR web[][o.s.s.p.Platform] Background initialization failed. Stopping SonarQube
java.lang.IllegalStateException: Fail to load plugin OpenID Connect Authentication for SonarQube [authoidc]
        at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:81)
        at org.sonar.server.platform.platformlevel.PlatformLevel4.start(PlatformLevel4.java:760)
        at org.sonar.server.platform.PlatformImpl.start(PlatformImpl.java:217)
        at org.sonar.server.platform.PlatformImpl.startLevel34Containers(PlatformImpl.java:197)
        at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.runIfNotAborted(PlatformImpl.java:365)
        at org.sonar.server.platform.PlatformImpl$1.doRun(PlatformImpl.java:116)
        at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.run(PlatformImpl.java:349)
        at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.lang.NoClassDefFoundError: org/sonar/api/web/ServletFilter
        at java.base/java.lang.ClassLoader.defineClass1(Native Method)
        at java.base/java.lang.ClassLoader.defineClass(Unknown Source)
        at java.base/java.security.SecureClassLoader.defineClass(Unknown Source)
        at java.base/java.net.URLClassLoader.defineClass(Unknown Source)
        at java.base/java.net.URLClassLoader$1.run(Unknown Source)
        at java.base/java.net.URLClassLoader$1.run(Unknown Source)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at java.base/java.net.URLClassLoader.findClass(Unknown Source)
        at org.sonar.classloader.ClassRealm.loadClassFromSelf(ClassRealm.java:135)
        at org.sonar.classloader.ParentFirstStrategy.loadClass(ParentFirstStrategy.java:37)
        at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:97)
        at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:86)
        at org.vaulttec.sonarqube.auth.oidc.AuthOidcPlugin.define(AuthOidcPlugin.java:28)
        at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:71)
        ... 7 common frames omitted
Caused by: java.lang.ClassNotFoundException: org.sonar.api.web.ServletFilter
        at org.sonar.classloader.ParentFirstStrategy.loadClass(ParentFirstStrategy.java:39)
        at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:97)
        at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:86)
        ... 21 common frames omitted

any clue ?

Thx in advance

Colin · February 11, 2025, 9:48am

Hey y’all.

You may want to follow this open ticket on the GitHub Repo for this plugin: Compatibility with latest Sonarqube Community Build (Community Build v25.1.0.102122) · Issue #81 · sonar-auth-oidc/sonar-auth-oidc · GitHub

Meanwhile, @ganncamp, it sounds like we should update the support in the Marketplace.

ganncamp · February 11, 2025, 1:25pm

Hi,

Thanks for the ping Colin. I’ve updated the matrices.

Ann

gian1200 · April 5, 2025, 2:29pm

Although there seems to be done some progress on that project (2 PRs), no new version has been released, yet.

I’d be nice to have an official OIDC support to avoid depending on 3rd party plugins

galakin · April 16, 2025, 1:12pm

Hello! Are there any new on this topic?
I Have the same error on a SonarQube instance that i’m managing and would like to update to the newer version of the community build while this error is preventing me to correctly update the version of SonarQube running on AWS

Colin · April 17, 2025, 7:57am

It sounds like while the maintainer hasn’t triggered an official release, there is a build you can download with support.

github.com/sonar-auth-oidc/sonar-auth-oidc

Compatibility with latest Sonarqube Community Build (Community Build v25.1.0.102122)

opened 08:35AM - 08 Jan 25 UTC

gschwienbacher

After upgrading to the latest Sonarqube Community Build **(Community Build v25.1….0.102122)** the startup with this plugin enabled fails for us: _web.log:_ ``` 2025.01.08 08:05:11 INFO web[][o.s.s.p.DetectPluginChange] Detect plugin changes 2025.01.08 08:05:11 ERROR web[][o.s.s.p.Platform] Background initialization failed. Stopping SonarQube java.lang.IllegalStateException: Fail to load plugin OpenID Connect Authentication for SonarQube [authoidc] at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:81) at org.sonar.server.platform.platformlevel.PlatformLevel4.start(PlatformLevel4.java:753) at org.sonar.server.platform.PlatformImpl.start(PlatformImpl.java:217) at org.sonar.server.platform.PlatformImpl.startLevel34Containers(PlatformImpl.java:197) at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.runIfNotAborted(PlatformImpl.java:365) at org.sonar.server.platform.PlatformImpl$1.doRun(PlatformImpl.java:116) at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.run(PlatformImpl.java:349) at java.base/java.lang.Thread.run(Unknown Source) Caused by: java.lang.NoClassDefFoundError: org/sonar/api/web/ServletFilter at java.base/java.lang.ClassLoader.defineClass1(Native Method) at java.base/java.lang.ClassLoader.defineClass(Unknown Source) at java.base/java.security.SecureClassLoader.defineClass(Unknown Source) at java.base/java.net.URLClassLoader.defineClass(Unknown Source) at java.base/java.net.URLClassLoader$1.run(Unknown Source) at java.base/java.net.URLClassLoader$1.run(Unknown Source) at java.base/java.security.AccessController.doPrivileged(Unknown Source) at java.base/java.net.URLClassLoader.findClass(Unknown Source) at org.sonar.classloader.ClassRealm.loadClassFromSelf(ClassRealm.java:135) at org.sonar.classloader.ParentFirstStrategy.loadClass(ParentFirstStrategy.java:37) at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:97) at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:86) at org.vaulttec.sonarqube.auth.oidc.AuthOidcPlugin.define(AuthOidcPlugin.java:28) at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:71) ... 7 common frames omitted Caused by: java.lang.ClassNotFoundException: org.sonar.api.web.ServletFilter at org.sonar.classloader.ParentFirstStrategy.loadClass(ParentFirstStrategy.java:39) at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:97) at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:86) ... 21 common frames omitted 2025.01.08 08:05:12 INFO web[][o.h.v.i.util.Version] HV000001: Hibernate Validator null 2025.01.08 08:05:12 INFO web[][o.s.p.ProcessEntryPoint] Hard stopping process 2025.01.08 08:05:12 INFO web[][c.z.h.HikariDataSource] HikariPool-1 - Shutdown initiated... 2025.01.08 08:05:12 INFO web[][c.z.h.HikariDataSource] HikariPool-1 - Shutdown completed. ``` After removing the `sonar-auth-oidc-plugin-2.1.1.jar` from the **extensions/plugins/** directory, sonarqube starts up as expected. Is this only happening for us? Does this work for you / other users of this plugin? [https://docs.sonarsource.com/sonarqube-community-build/server-upgrade-and-maintenance/release-notes-and-notices/release-notes/#sonarqube-community-build-25.1.0.102122](https://docs.sonarsource.com/sonarqube-community-build/server-upgrade-and-maintenance/release-notes-and-notices/release-notes/#sonarqube-community-build-25.1.0.102122)

Sheela1 · April 22, 2025, 10:59am

Hello,

Looks like sonar-auth-oidc plugin version 2.1.1 is not compatible with sonar 2025.2-developer version. I dont see any error or anything abnormal in logs

Could you please help here if it is not compatible do we have any alternative?

gian1200 · May 26, 2025, 4:36pm

Hi team, sonar-auth-oidc v3.0.0 was released today. It seems to be working fine

ganncamp · June 2, 2025, 12:27pm

Hi,

The new maintainer has submitted a PR to update the Marketplace. I’ll process it once I dig out from being out for a week.

Ann

Topic		Replies	Views
Request for Reintroduction of OIDC Protocol Support SonarQube Server / Community Build	6	204	July 11, 2025
Sonarqube not running with OIDC Connect Authentication Plugin SonarQube Server / Community Build sonarqube , sso	1	57	April 24, 2025
We re trying to integrate SSO for sonar with OpenID Connect which we are facing this error SonarQube Server / Community Build	2	789	November 28, 2023
Sonar Java plugin 5.14.0.18788 crashes SonarQube SonarQube Server / Community Build java	2	1126	August 12, 2019
OIDC Okta Authentication is not working after upgrade of sonarqube to v9.9.2 SonarQube Server / Community Build sonarqube , scanner	7	578	May 13, 2025

Sonar-auth-oidc-plugin version compatibility

Related topics