Sonar-auth-oidc-plugin version compatibility

Current Version: sonarqube:10.7.0-community
Trying to deploy: sonarqube:25.1.0.102122-community

We use plugin sonar-auth-oidc-plugin in our Dockerfile: sonar-auth-oidc-plugin-2.1.1.jar - which is the latest available version here: GitHub - sonar-auth-oidc/sonar-auth-oidc: OpenID Connect (OIDC) Plugin for SonarQube

However when upgrading to ‘sonarqube:25.1.0.102122-community’ we get below error:

‘java.lang.IllegalStateException: Fail to load plugin OpenID Connect Authentication for SonarQube [authoidc]
at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:81)
at org.sonar.server.platform.platformlevel.PlatformLevel4.start(PlatformLevel4.java:753)
at org.sonar.server.platform.PlatformImpl.start(PlatformImpl.java:217)
at org.sonar.server.platform.PlatformImpl.startLevel34Containers(PlatformImpl.java:197)
at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.runIfNotAborted(PlatformImpl.java:365)
at org.sonar.server.platform.PlatformImpl$1.doRun(PlatformImpl.java:116)
at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.run(PlatformImpl.java:349)
at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.lang.NoClassDefFoundError: org/sonar/api/web/ServletFilter
at java.base/java.lang.ClassLoader.defineClass1(Native Method)
at java.base/java.lang.ClassLoader.defineClass(Unknown Source)
at java.base/java.security.SecureClassLoader.defineClass(Unknown Source)
at java.base/java.net.URLClassLoader.defineClass(Unknown Source)
at java.base/java.net.URLClassLoader$1.run(Unknown Source)
at java.base/java.net.URLClassLoader$1.run(Unknown Source)
at java.base/java.security.AccessController.doPrivileged(Unknown Source)
at java.base/java.net.URLClassLoader.findClass(Unknown Source)
at org.sonar.classloader.ClassRealm.loadClassFromSelf(ClassRealm.java:135)
at org.sonar.classloader.ParentFirstStrategy.loadClass(ParentFirstStrategy.java:37)
at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:97)
at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:86)
at org.vaulttec.sonarqube.auth.oidc.AuthOidcPlugin.define(AuthOidcPlugin.java:28)
at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:71)
… 7 common frames omitted
Caused by: java.lang.ClassNotFoundException: org.sonar.api.web.ServletFilter
at org.sonar.classloader.ParentFirstStrategy.loadClass(ParentFirstStrategy.java:39)
at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:97)
at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:86)’

Is the plugin not compatible with the latest release?

Hi,

We were using authoidc plugin 2.1.1 on sonarqube 9. This version is still in the compatiblity matrix but while trying it with sonarqube community build 2025.1 or 2025.2 we get this failure stacktrace using the official docker hub image :

2025.02.10 14:17:59 ERROR web[][o.s.s.p.Platform] Background initialization failed. Stopping SonarQube
java.lang.IllegalStateException: Fail to load plugin OpenID Connect Authentication for SonarQube [authoidc]
        at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:81)
        at org.sonar.server.platform.platformlevel.PlatformLevel4.start(PlatformLevel4.java:760)
        at org.sonar.server.platform.PlatformImpl.start(PlatformImpl.java:217)
        at org.sonar.server.platform.PlatformImpl.startLevel34Containers(PlatformImpl.java:197)
        at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.runIfNotAborted(PlatformImpl.java:365)
        at org.sonar.server.platform.PlatformImpl$1.doRun(PlatformImpl.java:116)
        at org.sonar.server.platform.PlatformImpl$AutoStarterRunnable.run(PlatformImpl.java:349)
        at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.lang.NoClassDefFoundError: org/sonar/api/web/ServletFilter
        at java.base/java.lang.ClassLoader.defineClass1(Native Method)
        at java.base/java.lang.ClassLoader.defineClass(Unknown Source)
        at java.base/java.security.SecureClassLoader.defineClass(Unknown Source)
        at java.base/java.net.URLClassLoader.defineClass(Unknown Source)
        at java.base/java.net.URLClassLoader$1.run(Unknown Source)
        at java.base/java.net.URLClassLoader$1.run(Unknown Source)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at java.base/java.net.URLClassLoader.findClass(Unknown Source)
        at org.sonar.classloader.ClassRealm.loadClassFromSelf(ClassRealm.java:135)
        at org.sonar.classloader.ParentFirstStrategy.loadClass(ParentFirstStrategy.java:37)
        at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:97)
        at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:86)
        at org.vaulttec.sonarqube.auth.oidc.AuthOidcPlugin.define(AuthOidcPlugin.java:28)
        at org.sonar.server.plugins.ServerExtensionInstaller.installExtensions(ServerExtensionInstaller.java:71)
        ... 7 common frames omitted
Caused by: java.lang.ClassNotFoundException: org.sonar.api.web.ServletFilter
        at org.sonar.classloader.ParentFirstStrategy.loadClass(ParentFirstStrategy.java:39)
        at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:97)
        at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:86)
        ... 21 common frames omitted

any clue ?

Thx in advance

Hey y’all.

You may want to follow this open ticket on the GitHub Repo for this plugin: Compatibility with latest Sonarqube Community Build (Community Build v25.1.0.102122) · Issue #81 · sonar-auth-oidc/sonar-auth-oidc · GitHub

Meanwhile, @ganncamp, it sounds like we should update the support in the Marketplace.

1 Like

Hi,

Thanks for the ping Colin. I’ve updated the matrices.

 
Ann

Although there seems to be done some progress on that project (2 PRs), no new version has been released, yet.

I’d be nice to have an official OIDC support to avoid depending on 3rd party plugins

2 Likes

Hello! Are there any new on this topic?
I Have the same error on a SonarQube instance that i’m managing and would like to update to the newer version of the community build while this error is preventing me to correctly update the version of SonarQube running on AWS

It sounds like while the maintainer hasn’t triggered an official release, there is a build you can download with support.

Hello,

Looks like sonar-auth-oidc plugin version 2.1.1 is not compatible with sonar 2025.2-developer version. I dont see any error or anything abnormal in logs

Could you please help here if it is not compatible do we have any alternative?

Hi team, sonar-auth-oidc v3.0.0 was released today. It seems to be working fine :slight_smile:

2 Likes

Hi,

The new maintainer has submitted a PR to update the Marketplace. I’ll process it once I dig out from being out for a week.

 
:slight_smile:
Ann