I’m using SonarQube 7.9.2 and trying to set up authentication with LDAP and SAML. So far LDAP has been working without any problems, but with SAML there are problems. It looks like, for Sonar, LDAP and SAML accounts are different accounts, even if the username is the same. E.g.:
- User with username “jsmith” authenticates with LDAP. His account is created in the Sonar DB, group membership and email synced etc.
- The same “jsmith” user authenticates with SAML. SonarQube displays the following message:
  The email address email@example.com is already associated to this user account:
  By clicking on “Continue” you will associate this email address to another user account:
- The user is now unable to log in to Sonar with the LDAP account. Sonar displays “Authentication failed”. The logs show:
  web[AXNYL28YStAp+BvnAQuR][auth.event] login failure [cause|Email ‘firstname.lastname@example.org’ is already used][method|FORM][provider|REALM|LDAP][IP|127.0.0.1|10.2.8.3][login|jsmith]
I see 2 problems here:
- For Sonar, LDAP and SAML accounts are unique, even though the login/username is the same for both.
- It is not possible to have more than one account with the same email address.
I am a bit surprised by problem 1, as it makes SSO unusable in our scenario. Of all the other tools I have configured SSO for so far, none has this problem. Is this working as designed, or is there a way to change this behaviour?