SSO login is overwriting user access for already present users

  • versions used (SonarQube, Scanner, Plugin, and any relevant extension) : 8.9.3

Authentication and authorization is working fine with LDAP. We have group in AD named sonar-admins and same group in Sonarqube.When users login via ldap, sonar-admins gets assigned to users and authorizaiton works fine.

Now, we have setup headers based single sign-on in SonarQube. When same user belonging to sonar-admins group logs in to Sonarqube, his permissions are reset and user is signed in belonging to sonar-users group. After this when same user signs in authenticating via ldap ( without SSO ), user is assigned 2 goups in Sonarqube automatically :: sonar-users and sonar-admins. After this SSO authentication and authorization works fine.

Can you please help me get around the issue? Sonarqube is taking SSO users as a new user assigned then sonar-users group (which is default for new users) rather than mapping them against already present authorization.