I have encountered an issue where local group members are automatically removed from the group upon authentication. To address this, I followed the provided documentation GitHub authentication and GitHub integration: Manual group membership reset on login with GitHub and enabled SonarQube authentication through GitHub. Additionally, I enabled group synchronization and created a group with the name same as team name in GitHub organization.
Despite correctly configuring these settings, I am still experiencing the same problem. Group members are being evicted when they authenticate, and team members are not being updated in the SonarQube group even after a refresh.
Could you please investigate this issue and provide assistance in resolving it?
Here are the version details for the tools being used:
GitHub Enterprise Server: 3.8.3
SonarQube - Enterprise Edition: Version 9.9.2
The first step would be understanding if any groups are being retrieved on authentication when a user logs in.
You should up your log level (Global Administration > System > Log Level) and monitor the logsl/web.log file of your instance. You should see messages like this when a user logs in:
2021.11.23 14:42:13 DEBUG web[AX1I2JF4NXbosdIrAC8C][o.s.s.a.UserRegistrarImpl] List of groups returned by the identity provider '[]'
Thank you for your response. I appreciate your clarification. I apologize for the confusion caused earlier. I have enabled the group synchronization option in SonarQube, and as a result, I can now see the logs you mentioned. Specifically, I can observe the following log entry:
“2024.03.11 14:02:48 DEBUG web[AY3z+WTjjjzOowdHATXI][o.s.s.a.UserRegistrarImpl] List of groups returned by the identity provider ‘[]’”
I identified a couple of mistakes I made while attempting to synchronize the group:
I created the group in SonarQube without specifying the organization name at the beginning. Consequently, users were unable to synchronize into the SonarQube group.
I have now created a group in SonarQube following the correct format, which should be “Github-Organization-Name followed by Group name same as the GitHub team name you want to synchronize”. Upon user authentication, GitHub users are successfully synchronized into the corresponding SonarQube group.
While I have achieved the desired synchronization, I still have some doubts regarding permission mapping and its synchronization. I am referring to the SonarQube documentation provided in the following link: GitHub authentication
In the documentation, it mentions the option to edit the mapping for automatic provisioning. Please clarify where i can see the automatic provisioning option, whether its in sonarqube or github.I would appreciate it if you could clarify where I can find the automatic provisioning option. Specifically, please provide clear steps for mapping roles from GitHub to SonarQube.
You’re looking at documentation for a newer version of SonarQube – 10.4, which contains this feature. In SonarQube v9.9 LTS, you just have the group sync (not permissions sync).