Only one user is allowed to log in via SSO at a time #53
Comments
@IanMoroney I have also experienced the same problem. It's very weird. We've installed 1.0 and later updated to 1.1rc1 of sonar-auth-aad. It's still the same problem. |
Any known workaround @kalyanrajsista ? |
Not that I am aware of. I looked at the database table (dbo.users) and user is being replaced. |
damn. wish @hkamel was around to take a look |
From a bit of digging, it appears that all users get assigned the same uuid parameter in the database when they are updated, so unique users do not get created. In 7.2 there were some changes around this to allow linking of multiple accounts from different IdPs (https://github.com/SonarSource/sonarqube/blob/4bccde70aab57079a0c7b6055528f776fac315fe/sonar-plugin-api/src/main/java/org/sonar/api/server/authentication/UserIdentity.java#L59). I don't really see anything wrong with the code in the AAD plugin. This may help @hkamel identify the issue quicker though. |
I can confirm that this does happen in version 7.2.1 and does not happen in version 7.0 |
This issue has been fixed in master by 5e1f3c2 |
nice! thanks for the update @julienlancelot |
And to give more context, this issue is happening starting with SonarQube 7.2, when we worked on the ability to take into account login renaming (https://jira.sonarsource.com/browse/SONAR-10599). Moreover, this would have never happened if the provider login provided by the plugin was a real user login and not "Azure AD". |
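A simplified model of the behaviour described in the comments above, as an added example that is not part of the thread and is not SonarQube or plugin code: users are upserted by their external identity, so a constant provider login such as "Azure AD" makes every sign-in update the same row. `UserStore`, `simulate` and the e-mail addresses are constructed, and the session referencing the user row by uuid is an assumption.

```python
"""Toy model of external-identity provisioning (constructed; not SonarQube code)."""
from dataclasses import dataclass


@dataclass
class User:
    uuid: int
    login: str
    name: str


class UserStore:
    """Upserts users keyed by (provider key, provider login)."""

    def __init__(self):
        self._by_external = {}  # (provider_key, provider_login) -> User
        self._next_uuid = 1

    def authenticate(self, provider_key, provider_login, login, name):
        key = (provider_key, provider_login)
        user = self._by_external.get(key)
        if user is None:
            user = User(self._next_uuid, login, name)
            self._next_uuid += 1
            self._by_external[key] = user
        else:
            # Known external identity: handled as a login rename, row updated in place.
            user.login, user.name = login, name
        return user

    def by_uuid(self, uuid):
        return next(u for u in self._by_external.values() if u.uuid == uuid)

    def logins(self):
        return sorted(u.login for u in self._by_external.values())


def simulate(provider_login_for):
    """Sign in two users; provider_login_for maps an e-mail to the provider login sent."""
    store = UserStore()
    a = store.authenticate("aad", provider_login_for("a@example.com"), "a@example.com", "User A")
    session_a = a.uuid  # assumption: User A's session points at the user row by uuid
    store.authenticate("aad", provider_login_for("b@example.com"), "b@example.com", "User B")
    # Who does User A's existing session resolve to after User B has signed in?
    return store.logins(), store.by_uuid(session_a).login


BROKEN = simulate(lambda email: "Azure AD")  # constant provider login, as in the thread
FIXED = simulate(lambda email: email)        # per-user provider login
```

In the `BROKEN` run only one user row exists and User A's session resolves to User B, which matches the reports of users replacing each other; in the `FIXED` run both rows exist and the session still resolves to User A.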
@julienlancelot @hkamel : should this plugin be considered unsupported / no longer maintained? New releases haven't been created for a long time. There are several issues with this plugin that make it hard to use with versions other than the LTS 6.7.x releases of SonarQube. As a customer with a commercial license for the SonarQube tool I need to have a reliable way to use Azure AD for authentication. I understand that the current status of this plugin is that of a community plugin, but if Sonar won't make this plugin work somehow, they will lose my organisation as a customer... |
@arjanschaaf this plugin is under the umbrella of the community, not under the umbrella of SonarSource (but plugins from https://github.com/SonarSource are). |
@julienlancelot how should I go about participating? I would love to help out, as do many others. Most issues blocking SonarSource customers already have a pull request in place to fix it. But we are not the maintainers of this project and can't approve pull requests and/or create new releases. That's the pitfall with open source plugins on which paying customers of SonarSource depend. So don't hide behind the open source community and notice as an organisation that more and more of your customers start depending on an unsupported plugin. For a situation (external authentication) where almost all similar plugins are part of the https://github.com/SonarSource project and do get support:
I would like to propose that you clone & adapt this project and start maintaining it as SonarSource or develop a new plugin that is supported by SonarSource. Just like all other authentication plugins. Authentication is too important for your paying customers to let it depend on the open source community keeping it up to date with new SonarQube releases... |
No harm in forking, updating and issuing a PR for all the changes you make. |
What I was suggesting @arjanschaaf, but that may be not clear, is that if you want to maintain this project, you only have to ask to become maintainer of this plugin. |
Moreover, please take note that not all authentication plugins are under the SonarSource umbrella, for instance : |
@julienlancelot I would seriously consider helping out by maintaining this plugin. I still strongly feel that actually releasing this plugin should be done with at least some help from the SonarSource team. Looking at the release history of the project, it seems that all releases were done by a SonarSource employee @fmallet |
@arjanschaaf, in order to be able to contribute, please send a new message on https://community.sonarsource.com/c/plugins, explaining you want to work on this plugin (please give your GitHub ID). |
Thank you all, and sorry for the delay. We are working on a new release with the above issues fixed. We are currently testing the release to validate multiple scenarios, especially the upgrade from an older version, to fix external_login and UUID uniqueness issues. |
A new draft release, 1.1-RC2, has been published. The announcement has been sent to the official SonarSource community to kick off the official release. Thank you everyone for your contributions, and @srvrguy, a big thank you for your great efforts and contributions. |
Thank you all, this solved my problems here 👍 |
[EDIT: NVM! RC2 installed for 1.1 did the trick] Any chance something has broken recently around this? I was at 7.3 and just upgraded to 7.7. Prior to that we had a few users in the DB that were manually entered. Now the AAD login works great but it's showing the same scenario. Any user logging in overrides the one previous. A refresh on the original user's screen magically logs them in as the new user. |
Interesting scenario...
Configured SonarQube and single sign-on is working via Azure AD.
When User A logs in, their user account is listed under the users section.
When User B logs in, User A is removed and User B is listed under the users section.
When User A tries to navigate to another tab, they are asked to log in again.
When User A logs back in, User B is removed and User A is listed under the users section.
Very odd.
Any ideas?