Sonarqube Github Authentication

Dear Team,

I have encountered an issue where local group members are automatically removed from the group upon authentication. To address this, I followed the provided documentation GitHub authentication and GitHub integration: Manual group membership reset on login with GitHub and enabled SonarQube authentication through GitHub. Additionally, I enabled group synchronization and created a group with the name same as team name in GitHub organization.

Despite correctly configuring these settings, I am still experiencing the same problem. Group members are being evicted when they authenticate, and team members are not being updated in the SonarQube group even after a refresh.

Could you please investigate this issue and provide assistance in resolving it?

Here are the version details for the tools being used:

GitHub Enterprise Server: 3.8.3
SonarQube - Enterprise Edition: Version 9.9.2

Thank you for your attention to this matter.

Hey there.

The first step would be understanding if any groups are being retrieved on authentication when a user logs in.

You should up your log level (Global Administration > System > Log Level) and monitor the logsl/web.log file of your instance. You should see messages like this when a user logs in:

2021.11.23 14:42:13 DEBUG web[AX1I2JF4NXbosdIrAC8C][o.s.s.a.UserRegistrarImpl] List of groups returned by the identity provider '[]'

I don’t see any kind of above logs in my web log file

Did you increase the log level? What logs are you seeing related to authentication?

Hi Colin,

Thank you for your response. I appreciate your clarification. I apologize for the confusion caused earlier. I have enabled the group synchronization option in SonarQube, and as a result, I can now see the logs you mentioned. Specifically, I can observe the following log entry:

“2024.03.11 14:02:48 DEBUG web[AY3z+WTjjjzOowdHATXI][o.s.s.a.UserRegistrarImpl] List of groups returned by the identity provider ‘[]’”

I identified a couple of mistakes I made while attempting to synchronize the group:

  1. I created the group in SonarQube without specifying the organization name at the beginning. Consequently, users were unable to synchronize into the SonarQube group.
  2. I have now created a group in SonarQube following the correct format, which should be “Github-Organization-Name followed by Group name same as the GitHub team name you want to synchronize”. Upon user authentication, GitHub users are successfully synchronized into the corresponding SonarQube group.

While I have achieved the desired synchronization, I still have some doubts regarding permission mapping and its synchronization. I am referring to the SonarQube documentation provided in the following link: GitHub authentication

In the documentation, it mentions the option to edit the mapping for automatic provisioning. Please clarify where i can see the automatic provisioning option, whether its in sonarqube or github.I would appreciate it if you could clarify where I can find the automatic provisioning option. Specifically, please provide clear steps for mapping roles from GitHub to SonarQube.

You’re looking at documentation for a newer version of SonarQube – 10.4, which contains this feature. In SonarQube v9.9 LTS, you just have the group sync (not permissions sync).

Thank you so much for your response!

1 Like