SSO login is overwriting user access for already present users

V_S1 · November 23, 2021, 3:34pm

versions used (SonarQube, Scanner, Plugin, and any relevant extension) : 8.9.3

Authentication and authorization is working fine with LDAP. We have group in AD named sonar-admins and same group in Sonarqube.When users login via ldap, sonar-admins gets assigned to users and authorizaiton works fine.

Now, we have setup headers based single sign-on in SonarQube. When same user belonging to sonar-admins group logs in to Sonarqube, his permissions are reset and user is signed in belonging to sonar-users group. After this when same user signs in authenticating via ldap ( without SSO ), user is assigned 2 goups in Sonarqube automatically :: sonar-users and sonar-admins. After this SSO authentication and authorization works fine.

Can you please help me get around the issue? Sonarqube is taking SSO users as a new user assigned then sonar-users group (which is default for new users) rather than mapping them against already present authorization.

ganncamp · December 6, 2021, 6:03pm

Hi,

So… you have two different authentication methods configured and one is populating the groups correctly at login and the other one removes them? Do you have group synchronization turned on for both methods? Are the group memberships passed correctly with both methods?

Ann

V_S1 · December 15, 2021, 6:41am

I have fixed it by delegating Authentication and Authorisation to SSO.

system · December 22, 2021, 6:41am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.