You’re not authorized to access this page. Please contact the administrator. After Integrating with SAML Active directory

[IbrahimUmar]

Hi ,

I tried to configure my SonarQube with active directory and once its done. It is showing this message. When i put the debug mode on , it is showing me these logs. Kindly share your thoughts.

You’re not authorized to access this page. Please contact the administrator
When i enable debug mode , it showing me this message.

2019.12.10 14:33:21 ERROR web[AW7v2dtC1TkW09XXAAFy][o.a.a.a.AadIdentityProvider] Exception:java.lang.IllegalArgumentException: Group name cannot be empty

2019.12.10 14:33:21 DEBUG web[AW7v2dtC1TkW09XXAAFy][auth.event] login failure [cause|Plugin did not call authenticate][method|OAUTH2][provider|EXTERNAL|Microsoft][IP|fe80:0:0:0:7d51:23e6:bd8f:3644%2|195.145.101.4][login|]

2019.12.10 14:33:21 DEBUG web[AW7v2dtC1TkW09XXAAF0][auth.event] login failure [cause|User must be authenticated][method|BASIC][provider|LOCAL|local][IP|fe80:0:0:0:7d51:23e6:bd8f:3644%2|195.145.101.4][login|]

Community Edition
Version 8.0 (build 29455)

Active Directory Plugin Version [1.1]

Please help me.

[IbrahimUmar]

Hi , I tried with Debug mode after restarting services and see the log here.

2019.12.11 13:15:11 ERROR web[AW704ZukHMcgUJoWAABO][o.a.a.a.AadIdentityProvider] Exception:java.lang.IllegalArgumentException: Group name cannot be empty
2019.12.11 13:15:11 DEBUG web[AW704ZukHMcgUJoWAABO][auth.event] login failure [cause|Plugin did not call authenticate][method|OAUTH2][provider|EXTERNAL|Microsoft][IP|fe80:0:0:0:7d51:23e6:bd8f:3644%2|195.145.101.4][login|]
2019.12.11 13:15:11 DEBUG web[AW704ZukHMcgUJoWAABQ][auth.event] login failure [cause|User must be authenticated][method|BASIC][provider|LOCAL|local][IP|fe80:0:0:0:7d51:23e6:bd8f:3644%2|195.145.101.4][login|]
2019.12.11 13:15:11 DEBUG web[AW704ZukHMcgUJoWAABS][auth.event] login failure [cause|User must be authenticated][method|BASIC][provider|LOCAL|local][IP|fe80:0:0:0:7d51:23e6:bd8f:3644%2|195.145.101.4][login|]
2019.12.11 13:15:12 DEBUG web[AW704ZukHMcgUJoWAABU][auth.event] login failure [cause|User must be authenticated][method|BASIC][provider|LOCAL|local][IP|fe80:0:0:0:7d51:23e6:bd8f:3644%2|195.145.101.4][login|]
2019.12.11 13:15:12 DEBUG web[AW704ZukHMcgUJoWAABV][auth.event] login failure [cause|User must be authenticated][method|BASIC][provider|LOCAL|local][IP|fe80:0:0:0:7d51:23e6:bd8f:3644%2|195.145.101.4][login|]
2019.12.11 13:15:12 DEBUG web[AW704ZukHMcgUJoWAABY][auth.event] login failure [cause|User must be authenticated][method|BASIC][provider|LOCAL|local][IP|fe80:0:0:0:7d51:23e6:bd8f:3644%2|195.145.101.4][login|]
2019.12.11 13:15:14 DEBUG web[AW704ZukHMcgUJoWAABa][auth.event] login success [method|FORM][provider|LOCAL|local][IP|fe80:0:0:0:7d51:23e6:bd8f:3644%2|195.145.101.4][login|admin]
2019.12.11 13:15:20 DEBUG web[AW704ZukHMcgUJoWAABq][s.n.w.p.h.HttpURLConnection] sun.net.www.MessageHeader@52d6f4be5 pairs: {GET /systemInfo HTTP/1.1: null}{User-Agent: SonarQube 8.0.0.29455 # 2C14AB32-AW6IDT8ka0RL2SvnBeUq Java/12.0.2}{Host: 127.0.0.1:14860}{Accept: text/html, image/gif, image/jpeg, *; q=.2, /; q=.2}{Connection: keep-alive}
2019.12.11 13:15:20 DEBUG web[AW704ZukHMcgUJoWAABq][s.n.w.p.h.HttpURLConnection] sun.net.www.MessageHeader@490200d05 pairs: {null: HTTP/1.1 200 OK}{Content-Type: application/x-protobuf}{Date: Wed, 11 Dec 2019 12:15:20 GMT}{Connection: keep-alive}{Content-Length: 8474}

[srvrguy]

Based on the logs you posted, it looks like it's something to do with syncing groups. To see if that's the cause, try disabling the group sync feature. If that works, we can try and figure out why it's failing in that area.

[abelal83]

affecting my install as well and this has just recently started. Any reason why?

[IbrahimUmar]

@srvrguy for some reasons , we cant disable the sync group features. Is there any other workaround. I am doing this through SAML. It Looks there are complications if you are trying to synch active directory users with SonarQube.

[IbrahimUmar]

https://community.sonarsource.com/t/youre-not-authorized-to-access-this-page-please-contact-the-administrator-after-integrating-with-saml-active-directory/17600

[srvrguy]

I'm not really sure what is meant by not being able to disable group sync. However, it looks like PR #94 may resolve your issue. I'll try to get a proper compiled release out soon.

[IbrahimUmar]

Still unable to get answer of my Question.

[IbrahimUmar]

https://developercommunity.visualstudio.com/content/problem/896216/sonarqube-integration-with-saml.html

[srvrguy]

If you're still using this plugin, try the 1.2.0 RC2 release and let me know if it solves your issue.

Note that this plugin does not use SAML, and never has. It's using OAuth 2.0.

[kubragogebakan]

Hello @srvrguy

Do you have any update related the issue? I saw the error after AAD - SonarQube integration in web log file.
"Exception:org.sonar.server.authentication.exception.EmailAlreadyExistsRedirectionException"
Also when tried to login using "Login with Microsoft" option, I have noticed "You're not authorized to access this page. Please contact the administrator."

SonarQube version is: 8.2
MS SQL Server version is: 12.00.2000
PS: We deploy the SQ as container on Azure Kubernetes Service.

Here is the full log getting from web log file.
2020.04.30 09:59:15 INFO web[][c.m.a.a.AuthenticationAuthority] [Correlation ID: 765f023c-2ab4-4ad6-ae17-3ffb7f3defb7] Instance discovery was successful
2020.04.30 09:59:15 DEBUG web[][s.n.w.p.h.HttpURLConnection] sun.net.www.MessageHeader@492cfef213 pairs: {POST /16297908-3fdb-493e-8c51-7b060e600229/oauth2/token HTTP/1.1: null}{return-client-request-id: true}{client-request-id: 765f023c-2ab4-4ad6-ae17-3ffb7f3defb7}{x-client-CPU: amd64}{x-client-VER: 1.6.2}{x-client-SKU: java}{x-client-OS: Linux}{Content-Type: application/x-www-form-urlencoded; charset=UTF-8}{User-Agent: SonarQube 8.2.0.32929 # 67E6CD34-AXDy9ZlwhWD_lplUDmBO Java/11.0.6}{Host: login.microsoftonline.com}{Accept: text/html, image/gif, image/jpeg, *; q=.2, /; q=.2}{Connection: keep-alive}{Content-Length: 1089}
2020.04.30 09:59:16 DEBUG web[][s.n.w.p.h.HttpURLConnection] sun.net.www.MessageHeader@19ce687f17 pairs: {null: HTTP/1.1 200 OK}{Cache-Control: no-cache, no-store}{Pragma: no-cache}{Content-Type: application/json; charset=utf-8}{Expires: -1}{Strict-Transport-Security: max-age=31536000; includeSubDomains}{X-Content-Type-Options: nosniff}{client-request-id: 765f023c-2ab4-4ad6-ae17-3ffb7f3defb7}{x-ms-request-id: c573ce36-ca97-4abd-b539-f18c77cb0f00}{x-ms-ests-server: 2.1.10433.14 - EST ProdSlices}{x-ms-clitelem: 1,0,0,,}{P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"}{Set-Cookie: fpc=Aj5KIsCZUl9CuwmlJmq3BCotowdQAQAAAHOYPNYOAAAA; expires=Sat, 30-May-2020 09:59:16 GMT; path=/; secure; HttpOnly; SameSite=None}{Set-Cookie: x-ms-gateway-slice=prod; path=/; SameSite=None; secure; HttpOnly}{Set-Cookie: stsservicecookie=ests; path=/; SameSite=None; secure; HttpOnly}{Date: Thu, 30 Apr 2020 09:59:15 GMT}{Content-Length: 4238}
2020.04.30 09:59:16 DEBUG web[][c.m.a.a.AuthenticationContext] [Correlation ID: 765f023c-2ab4-4ad6-ae17-3ffb7f3defb7] Access Token and Refresh Token were returned
2020.04.30 09:59:16 ERROR web[AXHKXSXoJ+mWDwTFAADk][o.a.a.a.AadIdentityProvider] Exception:org.sonar.server.authentication.exception.EmailAlreadyExistsRedirectionException
2020.04.30 09:59:16 DEBUG web[AXHKXSXoJ+mWDwTFAADk][auth.event] login failure [cause|Plugin did not call authenticate][method|OAUTH2][provider|EXTERNAL|Microsoft][IP|192.168.0.39|192.168.0.35][login|]
2020.04.30 09:59:16 DEBUG web[AXHKXSXoJ+mWDwTFAADm][auth.event] login failure [cause|User must be authenticated][method|BASIC][provider|LOCAL|local][IP|192.168.0.39|192.168.0.35][login|]
2020.04.30 09:59:47 INFO web[AXHKXSXoJ+mWDwTFAAD1][o.s.u.c.UpdateCenter] The plugin 'scmgit' version : 1.11.1.2008 has not been found on the update center.
2020.04.30 09:59:52 DEBUG web[AXHKXSXoJ+mWDwTFAAD2][s.n.w.p.h.HttpURLConnection] sun.net.www.MessageHeader@7f69f62f5 pairs: {GET /systemInfo HTTP/1.1: null}{User-Agent: SonarQube 8.2.0.32929 # 67E6CD34-AXDy9ZlwhWD_lplUDmBO Java/11.0.6}{Host: 127.0.0.1:39211}{Accept: text/html, image/gif, image/jpeg, *; q=.2, /; q=.2}{Connection: keep-alive}
2020.04.30 09:59:52 DEBUG web[AXHKXSXoJ+mWDwTFAAD2][s.n.w.p.h.HttpURLConnection] sun.net.www.MessageHeader@30e9acdc5 pairs: {null: HTTP/1.1 200 OK}{Content-Type: application/x-protobuf}{Date: Thu, 30 Apr 2020 09:59:52 GMT}{Connection: keep-alive}{Content-Length: 9377}

[IbrahimUmar]

Hi ,

Sorry to reply you late.

We decided to do manual authentication of SonarQube with Azure AD because , Azure AD failed to integrate SAML with Soanrqube.

[swapnil-nq]

Based on the logs you posted, it looks like it's something to do with syncing groups. To see if that's the cause, try disabling the group sync feature. If that works, we can try and figure out why it's failing in that area.

I tried this, but its giving me the same error.

[ASaiAnudeep]

I have faced the same issue.

But I was able to solve it by enabling the option Allow users to sign-up (sonar.auth.aad.allowUsersToSignUp) under Administration > Configuration > Azure Active Directory