It's not possible on a SonarQube instance to update the authentication system from one to another, without losing user permissions & preferences and issues assignment.
For instance, it should be possible to migrate from LDAP to SAML easily.
- As a SonarQube Administrator, I want SonarQube users to be able to authenticate with the new authentication system. I need to do it occasionally, I don't need to have a special UI to do that.
- As a SonarQube User, as soon as I was migrated to the new authentication system, I cannot authenticate to the old authentication system (If I do so, I'll lose all my permissions, preferences, and issues assignment).
- As a SonarQube User, when I was migrated to the new authentication system, I expect to keep my permissions, preferences, and issues previously assigned to me.
Out of scope:
- Migrating external users to local users.
A new web service should be created to allow to update the identity provider of a user:
- Action: POST api/users/update_identity_provider
- Description: Update identity provider information. It's only possible to migrate to an installed identity provider. Be careful that as soon as this information has been updated for a user, the user will only be able to authenticate on the new identity provider.
- Permission: Requires Administer System permission
- login: (Mandatory) User login
- newExternalProvider: (Mandatory) New external provider. Only authentication system installed are available.
- newExternalIdentity: (Optional) New external identity, usually the login used in the authentication system.
Note about newExternalProvider : it should contain sonarqube, which is the identity provider id used for local users and for LDAP.