Sonar login session for a user is not working as expected

SonarQube 7.8

We have recently upgraded SonarQube from 6.7.1 to 7.8. After the upgrade, we set up SAML for Azure SSO integration. When I log in to SonarQube and then log out, the session logs out, and when I try to log in again, the page reloads as if I were logged in, but I am not logged in.
Is there an issue in session maintenance in SonarQube 7.8? When I try the same in incognito, I can log in the first time, but when I log out, the same issue occurs.
The same happens for a normal user created from the user management page.

Hi,

First of all, could you please tell us which version of the sonar-auth-saml plugin you are using?
Then, could you please set your server to DEBUG log level (in Administration > System > Log level), log in and out, and send us the last logs from logs/web.log?

Thanks


Hi Julien ,

Thanks for your reply, and apologies for the delay in response, as I was out on vacation. The version is sonar-auth-saml-plugin-1.1.0.181, and below is the web.log at debug level. The issue occurs only when we log in with the SAML plugin.

I was able to see the log below in web.log:

2020.01.28 09:35:56 INFO web[AW9MhE9fkN0ejU/GBuN0][o.s.u.c.UpdateCenter] The plugin ‘authsaml’ version : 1.1.0.181 has not been found on the update center.

I am attaching the full logs for your reference: web.log.txt (64.8 KB)

Hi,

From what I see in the log, you are indeed never logged out.
Just to be sure, have you tried to login and login during the time you were in DEBUG?

Regards

Hi Julien,

That’s right. Once I login with SAML, I can see my name properly for the first time. But if I log out and do a login, it is not showing my name in the profile section, it just shows login icon again.

So as you say, when log out is clicked, even though the front end shows I am logged out, the session is still running, I believe. That is why when I try to log in again, it just redirects to the homepage but the login icon still appears.

Are you using any proxy that could prevent the logout from happening?

Could you check what happens in the web console of your browser when you click on the “Log out” button? The following HTTP request should be sent: “api/authentication/logout”

The logout just redirects to URL https://sonarqube.gd.bose.com/projects# .

I couldn’t see requests going to “api/authentication/logout”.

Below is the console logs

Detailed logs in txt format: console.txt (9.1 KB)

As there’s a redirection, the web browser is resetting history.
You should select something like “Preserve log” (Chrome), “Persist Logs” (Firefox) in the Inspect tool of your web browser.
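
With the log preserved, the Network tab can also be saved as a HAR file and checked for the logout call mentioned above. The following is an added example, not part of the original thread or of SonarQube's code: it classifies what happened to `POST api/authentication/logout` in a capture. The sample capture is constructed, `sonarqube.example.com` is a placeholder host, and the `_error` field is assumed to be present the way Chrome writes it for requests that got no response.

```javascript
// Added example: classify what happened to the logout call in a HAR export.
const LOGOUT_PATH = "/api/authentication/logout";

// Build one HAR entry; only the fields read below are filled in.
const entry = (method, url, status, error) => ({
  request: { method, url },
  response: error ? { status, _error: error } : { status },
});

// Constructed sample capture; sonarqube.example.com is a placeholder host.
const sampleHar = {
  log: {
    entries: [
      entry("GET", "https://sonarqube.example.com/projects", 200),
      entry("POST", "https://sonarqube.example.com/api/authentication/logout", 0, "net::ERR_ABORTED"),
      entry("GET", "https://sonarqube.example.com/", 200),
    ],
  },
};

function checkLogout(har) {
  const entries = (har.log && har.log.entries) || [];
  // Match on the path suffix so a server context path (e.g. /sonar) still matches.
  const calls = entries.filter(
    (e) =>
      e.request.method === "POST" &&
      new URL(e.request.url).pathname.endsWith(LOGOUT_PATH)
  );
  if (calls.length === 0) {
    return { verdict: "not-sent", status: null, error: null };
  }
  // Judge the most recent logout attempt in the capture.
  const { status, _error } = calls[calls.length - 1].response;
  const error = _error || null;
  // Status 0 means the browser never received a response for this request.
  if (status === 0) return { verdict: "no-response", status, error };
  if (status >= 200 && status < 300) return { verdict: "completed", status, error };
  // Any other status was answered by the server or by something in front of it.
  return { verdict: "unexpected-status", status, error };
}

console.log(checkLogout(sampleHar));
```

A `no-response` verdict means the request left the page but no answer was recorded for it, so the server-side web.log is the place to confirm whether the logout was ever processed.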

Got it. Please check if this helps.

Fetch failed loading: POST “https://sonarqube.gd.bose.com/api/authentication/logout”.
Navigated to https://sonarqube.gd.bose.com/

Adding whole log in txt file console.txt (11.4 KB)

Hum, it’s not clear, is "Fetch failed loading: POST “https://sonarqube.gd.bose.com/api/authentication/logout”." an error message ?

Yeah, it's weird. It throws as an error, but redirects again to the homepage.