Why

It's not possible on a SonarQube instance to update the authentication system from one to another, without losing user permissions & preferences and issues assignment.
For instance, it should be possible to migrate from LDAP to SAML easily.

What

• As a SonarQube Administrator, I want SonarQube users to be able to authenticate with the new authentication system. I need to do it occasionally, I don't need to have a special UI to do that.
• As a SonarQube User, as soon as I was migrated to the new authentication system, I cannot authenticate to the old authentication system (If I do so, I'll lose all my permissions, preferences, and issues assignment).
• As a SonarQube User, when I was migrated to the new authentication system, I expect to keep my permissions, preferences, and issues previously assigned to me.

Out of scope:

• Migrating external users to local users.

How

A new web service should be created to allow to update the identity provider of a user:

• Action: POST api/users/update_identity_provider
• Description: Update identity provider information. It's only possible to migrate to an installed identity provider. Be careful that as soon as this information has been updated for a user, the user will only be able to authenticate on the new identity provider.
• Permission: Requires Administer System permission
• Parameters:
  • login: (Mandatory) User login
  • newExternalProvider: (Mandatory) New external provider. Only authentication system installed are available.
  • newExternalIdentity: (Optional) New external identity, usually the login used in the authentication system.

Note about newExternalProvider : it should contain sonarqube, which is the identity provider id used for local users and for LDAP.