SonarQube failed redirect with OAuth2AccessTokenErrorResponse on Gitlab OAuth callback

  • versions used (SonarQube, Scanner, Plugin, and any relevant extension)
    SonarQube 9.1.0.47736 Developer Edition (from docker sonarqube:9.1.0-developer)
    GitLab 14.4.2-ee (Premium Edition, Omnibus Installation)
  • error observed
    The Login with Gitlab is available and one can successfully enter the Gitlab credentials, but upon successful login, one isn’t redirected to SonarQube (although the Callback URL in Gitlab was set to https://<IP>:<PORT>/oauth2/callback/gitlab), but to Gitlab.
    There is a short page showing a manual redirect link in-between:

Interestingly, after this, if one manually re-visits the SonarQube IP:PORT, the log-in is successful.

Still, in the web.log the following is logged:

WARN  web[AX0pVQ771Ww8x0fzAAGu][o.s.s.a.AuthenticationError] Fail to callback authentication with 'gitlab'
com.github.scribejava.core.model.OAuth2AccessTokenErrorResponse: {"error":"invalid_grant","error_description":"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}
	at com.github.scribejava.core.extractors.OAuth2AccessTokenJsonExtractor.generateError(OAuth2AccessTokenJsonExtractor.java:72)
	at com.github.scribejava.core.extractors.OAuth2AccessTokenJsonExtractor.extract(OAuth2AccessTokenJsonExtractor.java:40)
	at com.github.scribejava.core.extractors.OAuth2AccessTokenJsonExtractor.extract(OAuth2AccessTokenJsonExtractor.java:18)
	at com.github.scribejava.core.oauth.OAuth20Service.sendAccessTokenRequestSync(OAuth20Service.java:53)
	at com.github.scribejava.core.oauth.OAuth20Service.getAccessToken(OAuth20Service.java:97)
	at com.github.scribejava.core.oauth.OAuth20Service.getAccessToken(OAuth20Service.java:92)
	at org.sonar.auth.gitlab.GitLabIdentityProvider.onCallback(GitLabIdentityProvider.java:115)
	at org.sonar.auth.gitlab.GitLabIdentityProvider.callback(GitLabIdentityProvider.java:102)
	at org.sonar.server.authentication.OAuth2CallbackFilter.handleOAuth2Provider(OAuth2CallbackFilter.java:92)
	at org.sonar.server.authentication.OAuth2CallbackFilter.handleProvider(OAuth2CallbackFilter.java:75)
	at org.sonar.server.authentication.OAuth2CallbackFilter.doFilter(OAuth2CallbackFilter.java:68)
	at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:139)
	at org.sonar.server.authentication.DefaultAdminCredentialsVerifierFilter.doFilter(DefaultAdminCredentialsVerifierFilter.java:89)
	at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:139)
	at org.sonar.server.plugins.PluginsRiskConsentFilter.doFilter(PluginsRiskConsentFilter.java:77)
	at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:139)
	at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:108)
	at jdk.internal.reflect.GeneratedMethodAccessor30.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
	at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:550)
	at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
	at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
	at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:47)
	at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:149)
	at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:145)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:144)
	at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:81)
	at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:68)
	at jdk.internal.reflect.GeneratedMethodAccessor30.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)

The certificates of the Gitlab server were imported successfully into the truststore, and one can import projects, SonarScanner reports successfully, and the log-in is successful as well.

  • steps to reproduce
  • potential workaround
    Ignore the failed auto-redirect and visit SonarQube manually after the log-in.
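The error_description quoted in the web.log above lists the reasons a token endpoint answers invalid_grant. As an added illustration (not code from the original post, SonarQube, GitLab or scribejava), here is a minimal model of an authorization-code token endpoint that makes each of those checks explicit; the client id, the callback URL and the code lifetime are constructed values.

```python
import secrets
import time

CODE_TTL_SECONDS = 600  # constructed lifetime; real servers choose their own
INVALID_GRANT = {
    "error": "invalid_grant",
    "error_description": ("The provided authorization grant is invalid, expired, "
                          "revoked, does not match the redirection URI used in the "
                          "authorization request, or was issued to another client."),
}


class AuthorizationServer:
    """Minimal model of the authorization-code grant (RFC 6749 section 4.1)."""

    def __init__(self, clock=time.time):
        self._clock = clock  # injectable so expiry can be exercised deterministically
        self._codes = {}     # code -> binding recorded at authorization time

    def authorize(self, client_id, redirect_uri):
        """Authorization request: mint a code bound to client_id and redirect_uri."""
        code = secrets.token_urlsafe(16)
        self._codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                             "issued_at": self._clock()}
        return code

    def token(self, code, client_id, redirect_uri):
        """Token request. Every failed check maps to the same invalid_grant body,
        so the client only learns that the grant was rejected, not why."""
        binding = self._codes.pop(code, None)  # single use: gone after first attempt
        if binding is None:
            return dict(INVALID_GRANT)  # unknown, already redeemed, or revoked
        if self._clock() - binding["issued_at"] > CODE_TTL_SECONDS:
            return dict(INVALID_GRANT)  # expired
        if binding["client_id"] != client_id:
            return dict(INVALID_GRANT)  # issued to another client
        if binding["redirect_uri"] != redirect_uri:
            return dict(INVALID_GRANT)  # must match exactly (RFC 6749 section 4.1.3)
        return {"access_token": secrets.token_urlsafe(24), "token_type": "bearer"}


def demo():
    """Constructed walk-through: one good exchange, then a replay of the same code."""
    srv = AuthorizationServer()
    callback = "https://sonarqube.example:9000/oauth2/callback/gitlab"  # constructed
    code = srv.authorize("sonar-client", callback)
    first = srv.token(code, "sonar-client", callback)   # access token issued
    replay = srv.token(code, "sonar-client", callback)  # same code again: invalid_grant
    return first, replay
```

A callback that is delivered twice (for example once by the browser redirect and once by a manual re-visit) therefore redeems the code only on the first attempt; the second attempt yields exactly the invalid_grant body seen in the log.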