sonar-auth-aad
Not authorized if access is assigned by a group
I'm having a problem where users get an unauthorized error when trying to log in with AzureAD credentials if I assign a group to the AzureAD application. If I assign the user's account to the app directly, they can access it without an issue. When the unauthorized error occurs, this is the event recorded in the sign-in failure for the app in Azure AD:
Sign-in error code: 50105 The signed in user is not assigned to a role for the signed in application. Assign the user to the application. For more information: https://docs.microsoft.com/en-us/azure/active-directory/application-sign-in-problem-federated-sso-gallery#user-not-assigned-a-role.
I'm running the community edition of SonarQube v7.3 and the 1.0 version of the plugin. Any idea why this is happening?
Thanks @CameronGo for reporting this. I'm not sure if the scenario is supported or not, but let me investigate from my side. We are also working on a release that is compatible with SonarQube v7.3; the current version of the plugin has some known compatibility issues.
Please check #40
Same here (or almost): AAD groups are not well mapped. The user (me, for example) belongs to AAD groups, and this group has admin rights (and the user itself does not). When I log in, I belong to no group. I try to put myself in the Sonar group that has the same name as the AAD group. I log out and log in: I'm not in any group anymore.
Based on what you wrote, I think you have a different issue. This issue is about restricting login access by adjusting the requirement for user assignment and the users and groups access level.
It sounds like you're talking about the group sync feature. To use group sync, you need to do a bit more setup, which is documented at https://github.com/hkamel/sonar-auth-aad/wiki/Group-Sync. If you have this done and things are still not working, please open a new issue and we can try to troubleshoot.
Issue is stale. Closing. If it persists in the latest release, please open a new issue.