SSO login is overwriting user access for already present users

  • versions used (SonarQube, Scanner, Plugin, and any relevant extension) : 8.9.3

Authentication and authorization is working fine with LDAP. We have group in AD named sonar-admins and same group in Sonarqube.When users login via ldap, sonar-admins gets assigned to users and authorizaiton works fine.

Now, we have setup headers based single sign-on in SonarQube. When same user belonging to sonar-admins group logs in to Sonarqube, his permissions are reset and user is signed in belonging to sonar-users group. After this when same user signs in authenticating via ldap ( without SSO ), user is assigned 2 goups in Sonarqube automatically :: sonar-users and sonar-admins. After this SSO authentication and authorization works fine.

Can you please help me get around the issue? Sonarqube is taking SSO users as a new user assigned then sonar-users group (which is default for new users) rather than mapping them against already present authorization.


So… you have two different authentication methods configured and one is populating the groups correctly at login and the other one removes them? Do you have group synchronization turned on for both methods? Are the group memberships passed correctly with both methods?


I have fixed it by delegating Authentication and Authorisation to SSO.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.