Sonarqube SAML Integration

Must-share information (formatted with Markdown):

  • which versions are you using - Version 8.9.9 (build 56886)
  • what are you trying to achieve - Enable SAML Authentication
  • what have you tried so far to achieve this - Tried the steps mentioned here SonarQube and SAML authentication with OneLogin and it did not work.

I keep getting multiple error messages when I try to log into Sonarqube via the SAML login.

  1. You’re not authorized to access this page. Please contact the administrator.
Fail to callback authentication with 'saml'
java.lang.NullPointerException: urn:oid:2.5.4.42 is missing
        at java.base/java.util.Objects.requireNonNull(Objects.java:246)
        at org.sonar.auth.saml.SamlIdentityProvider.getNonNullFirstAttribute(SamlIdentityProvider.java:166)
        at org.sonar.auth.saml.SamlIdentityProvider.callback(SamlIdentityProvider.java:127)
        at org.sonar.server.authentication.OAuth2CallbackFilter.handleOAuth2Provider(OAuth2CallbackFilter.java:92)
        at org.sonar.server.authentication.OAuth2CallbackFilter.handleProvider(OAuth2CallbackFilter.java:75)
        at org.sonar.server.authentication.OAuth2CallbackFilter.doFilter(OAuth2CallbackFilter.java:68)
        at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:139)
        at org.sonar.server.authentication.DefaultAdminCredentialsVerifierFilter.doFilter(DefaultAdminCredentialsVerifierFilter.java:89)
        at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:139)
        at org.sonar.server.plugins.PluginsRiskConsentFilter.doFilter(PluginsRiskConsentFilter.java:76)
        at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:139)
        at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:108)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:194)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
        at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:81)
        at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:68)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:194)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
        at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:194)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:167)
  2. You’re not authorized to access this page. Please contact the administrator.
    Reason: This account is already associated with another authentication method. Sign in using the current authentication method, or contact your administrator to transfer your account to a different authentication method.

  3. You’re not authorized to access this page. Please contact the administrator.
    Reason: The response was received at http://xxxx.domain.com/oauth2/callback/saml instead of https://xxxx.domain.com/oauth2/callback/saml

The 3rd error goes away if I change the recipient URL to HTTP and I am stuck with the 2nd error message now. I don’t know what it means by the different authentication methods.

Hey there.

Error #1 – You’ve probably defined urn:oid:2.5.4.42 as an attribute in your SAML settings (SonarQube-side) that is missing for a user.

Error #2 – There’s a required action by administrators to migrate existing users from one identity provider to another. Take a look at this guide: Migrating SonarQube Users Between Identity Providers (with a focus on LDAP → SAML) - #2

Error #3 – What are you using (Nginx, Apache, IIS) to serve SonarQube over HTTPS?
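A diagnostic for errors #1 and #3, added here as an example and not part of any post in this thread: it reads an already-decoded SAML assertion, reports required attributes that the IdP did not send, and compares the Recipient with the expected callback URL. The function name `check_assertion`, the host `sonar.example.com` and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not from the thread): the IdP sends an e-mail
# attribute but not urn:oid:2.5.4.42, and the Recipient uses http://.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData
          Recipient="http://sonar.example.com/oauth2/callback/saml"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3">
      <saml:AttributeValue>user@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:oid:2.5.4.4">
      <saml:AttributeValue></saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def check_assertion(xml_text, required_attrs, expected_acs):
    """Debugging aid for a captured assertion; it verifies no signature."""
    root = ET.fromstring(xml_text)
    problems = []
    # Collect attribute names that carry at least one non-empty value.
    present = set()
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text for v in attr.iterfind("saml:AttributeValue", NS)]
        if any(v and v.strip() for v in values):
            present.add(attr.get("Name"))
    # This script's own policy: an attribute with no value counts as missing.
    for name in required_attrs:
        if name not in present:
            problems.append(f"attribute {name} is missing or empty")
    # The Recipient has to equal the callback URL exactly, scheme included.
    for scd in root.iterfind(".//saml:SubjectConfirmationData", NS):
        recipient = scd.get("Recipient")
        if recipient != expected_acs:
            problems.append(f"Recipient is {recipient}, expected {expected_acs}")
    return problems
```

Pass the attribute names configured on the SonarQube side as `required_attrs` and the HTTPS callback URL as `expected_acs`; an empty list means neither check found a mismatch.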

Hi Colin,

Thanks for getting back. I have seen with the n number of tests that I performed yesterday that the error message keeps changing based on the information updated on the OneLogin side.


Please see the attached screenshot, and it would be great if you could let me know the values for each field.

  1. EntityID
  2. Recipient
  3. ACS URL
  4. Login URL

As per the OneLogin SAML connector, only ACS and ACS URL Validator are the required fields. If I fill in those fields, it says I also need to specify the recipient and Login URL. If I mention the Recipient URL, I get Error #3.

We are running Sonarqube as a service on Linux with systemd.

This is exactly what I am referring to

It seems like no one has found the answer or resolution yet.

Hi Colin,

We are blocked and cannot go any further with the OneLogin integration. All I need is the field info to complete and test the integration. I am looking forward to your response.

Colin,

We are still waiting for your response. Any help here is greatly appreciated.

Colin,

It’s been 8 days since I reported this, and I am looking for a small piece of information from you guys. After all the trial and error, this is the only error we get when you try to access Sonarqube via SAML.

"You’re not authorized to access this page. Please contact the administrator.

Reason: This account is already associated with another authentication method. Sign in using the current authentication method, or contact your administrator to transfer your account to a different authentication method."

We do not have any other authentication method configured on the endpoint. Looking for some assistance here.

Hey @ashokkumarsarma.r

This is a community where users have the chance to ask for help, and many users have the chance to contribute. Please make sure to review our FAQ. You’ve also asked for a lot of different pieces of information, but (hopefully?) we’ve landed on just this question:

Even if a user has only logged in as a local user before, if the same username attempts to login (via a different authentication provider), the user must be migrated over to the new authentication provider (in this case, SAML).

You could try deleting the existing user in SonarQube, or migrating the user, as noted in this guide:

Hey Colin,

That was the issue. I removed the user from Sonarqube and added them on OneLogin. That worked! This is important information that one should know for the integration or migration to work. I am not sure if this is mentioned clearly in the documentation. Thanks for your help and guidance.