An error occurs when sonar-cas-plugin is used with a SonarQube instance of a version > v8.x:
2021.05.12 17:32:05 ERROR web[AXlhNIlBtn7nUNqpAAAB][o.s.p.c.CasIdentityProvider] authentication or logout failed
May 12 17:32:05 ces docker/sonar[1577]: org.sonar.server.authentication.event.AuthenticationException: Email 'email@address.com' is already used
The logs show that CAS successfully authenticates the request because an CAS ticket validator assertion was sucessfully created along with the user attributes:
(reformatted by me)
DEBUG web[AXlhNIlBtn7nUNqpAAAB][o.j.c.c.v.Cas30ServiceTicketValidator] Server response:
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess>
<cas:user>admin</cas:user>
<cas:attributes>
<cas:mail>admin@admin.com</cas:mail>
<cas:surname>admin</cas:surname>
<cas:displayName>admin</cas:displayName>
<cas:givenName>admin</cas:givenName>
<cas:groups>manager-group</cas:groups>
<cas:groups>admin-group</cas:groups>
<cas:cn>admin</cas:cn>
<cas:username>admin</cas:username>
</cas:attributes>
</cas:authenticationSuccess>
</cas:serviceResponse>
May 12 17:32:05 ces docker/sonar[1577]: 2021.05.12 17:32:05 DEBUG web[AXlhNIlBtn7nUNqpAAAB][o.s.p.c.LoginHandler] Received assertion. Authenticating with user admin
SonarQube in turn drags its own identity provider into the database which results in false preconditions, ultimately failing the authentication process:
ERROR web[AXlhNIlBtn7nUNqpAAAB][o.s.p.c.CasIdentityProvider] authentication or logout failed
org.sonar.server.authentication.event.AuthenticationException: Email 'admin@admin.de' is already used
#011at org.sonar.server.authentication.event.AuthenticationException$Builder.build(AuthenticationException.java:103)
#011at org.sonar.server.authentication.UserRegistrarImpl.generateExistingEmailError(UserRegistrarImpl.java:242)
#011at org.sonar.server.authentication.UserRegistrarImpl.detectEmailUpdate(UserRegistrarImpl.java:148)
#011at org.sonar.server.authentication.UserRegistrarImpl.registerNewUser(UserRegistrarImpl.java:97)
#011at org.sonar.server.authentication.UserRegistrarImpl.register(UserRegistrarImpl.java:76)
#011at org.sonar.server.authentication.BaseContextFactory$ContextImpl.authenticate(BaseContextFactory.java:82)
...
Here is what SonarQube database says about the user being logged in (shortened):
select * from users;
Result: the column external_identitiy_provider ends up as sonarcube instead ofcas`.
An error occurs when sonar-cas-plugin is used with a SonarQube instance of a version > v8.x:
The constellation:
I used Postman to create and send a basic auth request to https://192.168.x.y/sonar/api/plugins/installed
The logs show that CAS successfully authenticates the request because an CAS ticket validator assertion was sucessfully created along with the user attributes:
(reformatted by me)
SonarQube in turn drags its own identity provider into the database which results in false preconditions, ultimately failing the authentication process:
Here is what SonarQube database says about the user being logged in (shortened):
Result: the column
external_identitiy_provider
ends up assonarcube instead of
cas`.Leading SonarQube bug ticket
This bug ticket was opened at SonarQube's.