Uploaded image for project: 'SonarQube'
  1. SonarQube
  2. SONAR-15137

Authentication should not let users create a duplicate account with another Identity Provider

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 8.9.2, 9.1
    • Component/s: None
    • Labels:
      None
    • Edition:
      Community
    • Production Notes:
      None

      Description

      When a SonarQube instance is configured with multiple identity providers, users for whom the account has yet not been migrated can improperly start using a new identity provider and get locked out of their old accounts.

      In that situation, a duplicate account is created, losing the preferences and issues assigned to the old account. Also, when changing from LDAP to SAML, the old account is no longer accessible

      It should be up to SonarQube administrators to transition user accounts to a new identity provider.
      Users should not be able to associate their account with a new identity provider.

      The following message will be displayed:

      This account is already associated with another authentication method. Sign in using the current authentication method, or contact your administrator to transfer your account to a different authentication method.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jacek.poreda Jacek Poreda
              Reporter:
              christophe.levis Christophe Levis
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Due:
                Created:
                Updated:
                Resolved: