Sonar login session for a user is not working as expected

SonarQube 7.8

We have recently upgraded sonarqube from 6.7.1 to 7.8. After the upgrade, we set up SAML for Azure SSO integration. When I log in to sonarqube and then log out, the session logs out, and when I try to log in again, the pages reload as if it is logged in, but I am not logged in.
Is there an issue in session maintenance for sonarqube 7.8? When I try the same in incognito, I can log in the first time, but when I log out, the same issue occurs.
The same happens for a normal user created from the user management page.

Hi,

First of all, could you please tell us which version of the sonar-auth-saml plugin you are using?
Then, could you please set your server to the DEBUG log level (in Administration > System > Log level), log in and out, and send us the last logs of logs/web.log?

Thanks

Hi Julien ,

Thanks for your reply, and apologies for the delay in response as I was out on vacation. The version is sonar-auth-saml-plugin-1.1.0.181, and below is the web.log at debug level. The issue occurs when we use login with the SAML plugin only.

I was able to see the log line below in web.log:

2020.01.28 09:35:56 INFO web[AW9MhE9fkN0ejU/GBuN0][o.s.u.c.UpdateCenter] The plugin ‘authsaml’ version : 1.1.0.181 has not been found on the update center.

I am attaching the full logs for your reference: web.log.txt (64.8 KB)

Hi,

From what I see in the log, you are indeed never logged out.
Just to be sure, have you tried to login and login during the time you were in DEBUG?

Regards

Hi Julien,

That’s right. Once I log in with SAML, I can see my name properly the first time. But if I log out and log in again, it does not show my name in the profile section; it just shows the login icon again.

So as you say, when log out is clicked, even though the front end shows I am logged out, the session is still running, I believe. That is why when I try to log in again, it just redirects to the homepage but the login icon still appears.

Are you using any proxy that could prevent the logout from happening?

Could you check what happens in the web console of your browser when you click on the “Log out” button? The following HTTP request should be sent: “api/authentication/logout”

The logout just redirects to URL https://sonarqube.gd.bose.com/projects# .

I couldn’t see requests going to “api/authentication/logout”.

Below are the console logs.

Detailed logs in txt format: console.txt (9.1 KB)

As there’s a redirection, the web browser is resetting history.
You should select something like “Preserve log” (Chrome) or “Persist Logs” (Firefox) in the Inspect tool of your web browser.

Got it. Please check if this helps.

Fetch failed loading: POST “https://sonarqube.gd.bose.com/api/authentication/logout”.
Navigated to https://sonarqube.gd.bose.com/

Adding the whole log in a txt file: console.txt (11.4 KB)

Hum, it’s not clear, is "Fetch failed loading: POST “https://sonarqube.gd.bose.com/api/authentication/logout”." an error message?

Yeah, it's weird. It throws as an error, but redirects again to the homepage.