- which versions are you using (SonarQube Server / Community Build, Scanner, Plugin, and any relevant extension) : Sonar Qube Version: v9.9.5 (build 90363)
- how is SonarQube deployed: zip, Docker, Helm: : We use SonarQube Developer Edition, hosted on Windows
- what are you trying to achieve: SAML integration
- what have you tried so far to achieve this: SAML
I have issue with access when logging in using Ping Federation.
I have created groups in the Sonar Qube site manually.
memberships should automatically be updated at each user login.
But user is only added to the sonar-users default group.
In SAML configuration for the group attribute we have mapped memberOf field and we are group details for that attribute. But user is not getting that role access.
Please let me know what all details required will share it.
Hey there.
SonarQube expects that groups returned by your SAML value will be returned in the following format in the SAML response.
<Attribute Name="memberOf">
<AttributeValue>Group_1</AttributeValue>
<AttributeValue>Group_2</AttributeValue>
<AttributeValue>Group_3</AttributeValue>
</Attribute>
Right now, it looks like your IDP is returning a comma separated list of groups, which is interpreted by SonarQube as one single group.
You should discuss with the team handling your Identity Provider how to return the groups in the expected format.
Ping Federate SSO is working now, able to login to Sonar Qube with Email authentication.
Post login on the Users section I could see unique name generated for each user as login. How I can map that to the employeeID I am getting from the SAML.
Now that you have group sync working, I suggest you continue the conversation in the other thread you started: