vaulttec/sonar-auth-oidc

Mapping multiple groups (using OneLogin)

MarcoAhrens opened this issue · 2 comments

Hi,

it appears that it's currently not possible to map comma-separated arrays to groups in SonarQube.
We are using OneLogin, and if we map multiple groups, the plug-in will only map to sonar-users instead of mapping to those multiple groups.

Again: mapping single groups works fine; only when I add more roles to be mapped does it stop working.

Here's an example from our Logs where it does not work:

2020.05.19 10:08:18 DEBUG web[xxxxx][o.v.s.a.o.OidcIdentityProvider] Authenticating user 'abc' with groups [SonarQube xyz-Role,xyz Developers]
2020.05.19 10:08:18 DEBUG web[xxxxx][o.s.s.a.UserRegistrarImpl] List of groups returned by the identity provider '[SonarQube xyz-Role,xyz Developers]'

Here's an example from our logs where it does work:

2020.05.19 10:33:55 DEBUG web[xxxxx][o.v.s.a.o.OidcIdentityProvider] Authenticating user 'abc' with groups [SonarQube xyz-Role]
2020.05.19 10:33:55 DEBUG web[xxxxxx] List of groups returned by the identity provider '[SonarQube xyz-Role]'

Is that a mistake of mine? Or is there an issue with the array iteration?

Best,
Marco

This plugin uses the Nimbus OAuth 2.0 SDK to communicate with the identity provider. The group list is retrieved from the ID Token's claim set by Nimbus' UserInfo.getStringListClaim() as a JSON string list, e.g. ["Group 1", "Group 2", "Group 3"].

Please check with your identity provider that the group list claim is marshalled as a JSON string array instead of a single string with a comma-separated list. In SonarQube's debug log the UserInfo JSON object is available:
[Screenshot, 2021-08-22: SonarQube debug log showing the UserInfo JSON object]

Support for groups claim marshalled as a JSON string (instead of a JSON string array) is implemented in #64.
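As an added example (not code from vaulttec/sonar-auth-oidc or the Nimbus SDK), the Python below models the array-versus-string pitfall this thread turns on: a strict "string list" accessor that only accepts a JSON array, a tolerant accessor in the spirit of #64 that also accepts a comma-separated string, a diagnostic that classifies how the `groups` claim in the logged UserInfo JSON is marshalled, and a toy mapping step showing why an unsplit "A,B" name leaves the user in the default group only. All claim sets, the SonarQube group names and the `strict_string_list_claim()` behaviour are constructed assumptions, not the plugin's or the SDK's actual code.

```python
"""Groups-claim handling for an OIDC login, illustrating the array-vs-string
pitfall discussed in this issue. Added example, not code from
vaulttec/sonar-auth-oidc or the Nimbus SDK: the claim sets and SonarQube group
names are constructed, and strict_string_list_claim() is only an approximation
(assumption) of a strict "string list" accessor such as Nimbus'
UserInfo.getStringListClaim()."""
import json
from typing import Any, Dict, List, Optional

# Constructed claim sets, shaped like the groups in the issue's log lines.
CLAIMS_ARRAY: Dict[str, Any] = {"sub": "abc", "groups": ["SonarQube xyz-Role", "xyz Developers"]}
CLAIMS_STRING: Dict[str, Any] = {"sub": "abc", "groups": "SonarQube xyz-Role,xyz Developers"}
CLAIMS_ONE_ELEMENT: Dict[str, Any] = {"sub": "abc", "groups": ["SonarQube xyz-Role,xyz Developers"]}
CLAIMS_MISSING: Dict[str, Any] = {"sub": "abc"}

# Constructed SonarQube-side group names; "sonar-users" stands in for the default group.
SONAR_GROUPS = {"SonarQube xyz-Role", "xyz Developers", "sonar-administrators"}
DEFAULT_GROUP = "sonar-users"


def strict_string_list_claim(claims: Dict[str, Any], name: str) -> Optional[List[str]]:
    """Strict accessor: a group list must be a JSON array of strings.
    Missing claim -> None; any other shape -> ValueError."""
    value = claims.get(name)
    if value is None:
        return None
    if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
        raise ValueError(f"claim {name!r} is not a JSON string array: {value!r}")
    return list(value)


def lenient_groups_claim(claims: Dict[str, Any], name: str = "groups") -> List[str]:
    """Tolerant accessor in the spirit of #64: accept a JSON array or a single
    comma-separated string. Array elements are kept verbatim (group names may
    legitimately contain commas); only a bare string is split on commas."""
    value = claims.get(name)
    if value is None:
        return []
    if isinstance(value, list):
        raw = [str(v) for v in value]
    elif isinstance(value, str):
        raw = value.split(",")
    else:
        raise ValueError(f"claim {name!r} has unsupported type {type(value).__name__}")
    return [g.strip() for g in raw if g.strip()]


def classify_groups_claim(userinfo_json: str, name: str = "groups") -> str:
    """The check the maintainer asks for: parse the UserInfo JSON from the debug
    log and report how the groups claim is marshalled. The log line
    'groups [A,B]' alone cannot distinguish a string from a one-element array."""
    value = json.loads(userinfo_json).get(name)
    if value is None:
        return "missing"
    if isinstance(value, list):
        if not all(isinstance(v, str) for v in value):
            return "array with non-string items"
        if len(value) == 1 and "," in value[0]:
            return "one-element array holding a comma-joined string"
        return "string array"
    if isinstance(value, str):
        return "comma-separated string" if "," in value else "single string"
    return f"unexpected type {type(value).__name__}"


def map_to_sonar_groups(idp_groups: List[str]) -> List[str]:
    """Keep only IdP groups that exist in SonarQube, plus the default group.
    A single unsplit 'A,B' name matches nothing, which is how a user ends up
    in sonar-users only."""
    matched = sorted(g for g in idp_groups if g in SONAR_GROUPS)
    return [DEFAULT_GROUP] + matched


if __name__ == "__main__":
    for label, claims in [("array", CLAIMS_ARRAY), ("string", CLAIMS_STRING),
                          ("one-element", CLAIMS_ONE_ELEMENT)]:
        print(label, "->", classify_groups_claim(json.dumps(claims)),
              "->", map_to_sonar_groups(lenient_groups_claim(claims)))
```

When troubleshooting, run `classify_groups_claim()` over the UserInfo JSON copied from the SonarQube debug log rather than over the `Authenticating user ... with groups [...]` line: the latter prints a Java list and looks identical for a raw comma-separated string and for a one-element array containing that string, while the JSON object shows which shape the identity provider actually sends.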