Minimal Marketable Features / MMF-366

SonarQube & SonarQube.com: log information about authentication

      Description

      As a SonarQube operator, we need to detect intrusion attempts in order to protect a public SonarQube instance with tools like fail2ban, and we need to be warned when authentication with a third party is not working.

      In order to be able to do this, we need to have a meaningful log when authentication is finished with a single log line:

      • IP
      • X-Forwarded-For header (having separate fields for IP and X-Forwarded-For is a nice-to-have)
      • login
      • status (successful or failure)
      • reason of failure (best effort here, we should not hide the stack trace for GitHub in order to be able to investigate the failure manually)
      • provider (github, ldap, default, ...)

      The must-have providers are internal and GitHub for hosted SonarQube instances.

      There is no configuration property for this.

      Some insight:

              People

              • Assignee:
                henri.gomez Henri Gomez (Inactive)
                Reporter:
                christophe.levis Christophe Levis
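A sketch of how a fail2ban-style consumer could use such a single-line record, added here as an example and not taken from SonarQube: it counts failures per client and shows why the split IP / X-Forwarded-For fields matter. The line layout, the field names, the trusted proxy range and the single-proxy assumption are all hypothetical; the ticket only lists which fields must be present.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Hypothetical layout: the ticket lists the fields, not the line format.
LINE = re.compile(
    r'^\S+ auth ip=(?P<ip>\S+) xff="(?P<xff>[^"]*)" '
    r'login="(?P<login>(?:[^"\\]|\\.)*)" status=(?P<status>success|failure) '
    r'provider=(?P<provider>\S+)(?: reason="(?P<reason>(?:[^"\\]|\\.)*)")?$'
)
TRUSTED_PROXIES = [ip_network("10.0.0.0/8")]  # assumption: our reverse proxy

def client_ip(ip, xff):
    """Trust X-Forwarded-For only when the direct peer is our own proxy."""
    peer = ip_address(ip)  # ValueError on a malformed peer address
    if xff and any(peer in net for net in TRUSTED_PROXIES):
        try:
            # Right-most entry is the address our proxy itself observed.
            return str(ip_address(xff.split(",")[-1].strip()))
        except ValueError:
            pass  # malformed header: fall back to the peer
    return str(peer)

def offenders(lines, max_failures=3):
    """Return {client address: failures} for clients at/over the threshold."""
    failures = defaultdict(int)
    for line in lines:
        m = LINE.match(line)
        if not m or m["status"] != "failure":
            continue
        try:
            failures[client_ip(m["ip"], m["xff"])] += 1
        except ValueError:
            continue
    return {ip: n for ip, n in failures.items() if n >= max_failures}

# Constructed sample lines (documentation address ranges, made-up logins).
SAMPLE = [
    '2016-01-01T10:00:00Z auth ip=10.0.0.5 xff="203.0.113.7" login="admin" status=failure provider=default reason="wrong password"',
    '2016-01-01T10:00:02Z auth ip=10.0.0.5 xff="192.0.2.1, 203.0.113.7" login="root" status=failure provider=default reason="unknown user"',
    '2016-01-01T10:00:04Z auth ip=10.0.0.5 xff="203.0.113.7" login="admin" status=failure provider=default reason="wrong password"',
    '2016-01-01T10:00:06Z auth ip=198.51.100.9 xff="203.0.113.7" login="bob" status=failure provider=github reason="token rejected"',
    '2016-01-01T10:00:08Z auth ip=10.0.0.5 xff="198.51.100.20" login="alice" status=success provider=github',
]

if __name__ == "__main__":
    print(offenders(SAMPLE))
```

The fourth sample line comes from a peer outside the trusted range, so its X-Forwarded-For value is ignored and the failure is counted against the connecting address instead.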