  1. SonarQube
  2. SONAR-13930

Allow migration of authentication system

    Details

    • Edition:
      Community
    • Production Notes:
      None

      Description

      Why

      On a SonarQube instance, it's not possible to switch from one authentication system to another without losing user permissions, preferences, and issue assignments.
      For instance, it should be possible to migrate from LDAP to SAML easily.

      What

      • As a SonarQube Administrator, I want SonarQube users to be able to authenticate with the new authentication system. I need to do it occasionally; I don't need a special UI for that.
      • As a SonarQube User, as soon as I have been migrated to the new authentication system, I cannot authenticate with the old authentication system (if I do so, I'll lose all my permissions, preferences, and issue assignments).
      • As a SonarQube User, once I have been migrated to the new authentication system, I expect to keep my permissions, preferences, and issues previously assigned to me.

      Out of scope:

      • Migrating external users to local users.

      How

      A new web service should be created to allow updating the identity provider of a user:

      • Action: POST api/users/update_identity_provider
      • Description: Update identity provider information. It's only possible to migrate to an installed identity provider. Be careful that as soon as this information has been updated for a user, the user will only be able to authenticate on the new identity provider.
      • Permission: Requires Administer System permission
      • Parameters:
        • login: (Mandatory) User login
        • newExternalProvider: (Mandatory) New external provider. Only installed authentication systems are available.
        • newExternalIdentity: (Optional) New external identity, usually the login used in the authentication system.

      Note about newExternalProvider: it should contain sonarqube, which is the identity provider id used for local users and for LDAP.
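
As an added illustration (not SonarQube's own code and not part of this ticket), this dry-run example plans a bulk LDAP-to-SAML migration against the web service described above and refuses ambiguous mappings before any request is built. The CSV layout, the `saml` provider id, the base URL, the case-insensitive duplicate check and the use of an administrator token as the Basic-auth user name are assumptions.

```python
import base64
import csv
import io
import urllib.parse
import urllib.request

ENDPOINT = "api/users/update_identity_provider"  # path as given in this ticket


def plan_migration(mapping_csv, provider):
    """Parse 'login,new_identity' rows; refuse ambiguous mappings before any call."""
    plan, seen_logins, seen_identities = [], set(), {}
    for row in csv.DictReader(io.StringIO(mapping_csv)):
        login = (row.get("login") or "").strip()
        identity = (row.get("new_identity") or "").strip()
        if not login:
            raise ValueError("row without a login")
        if login in seen_logins:
            raise ValueError(f"login listed twice: {login}")
        seen_logins.add(login)
        # Two accounts pointing at one external identity would let one person
        # end up with the other's permissions, so stop instead of guessing.
        key = identity.lower()  # assumption: identities compared case-insensitively
        if identity and key in seen_identities:
            raise ValueError(f"{identity} mapped to both {seen_identities[key]} and {login}")
        params = {"login": login, "newExternalProvider": provider}
        if identity:  # optional parameter, omitted when the CSV cell is empty
            params["newExternalIdentity"] = identity
            seen_identities[key] = login
        plan.append(params)
    return plan


def build_request(base_url, admin_token, params):
    """Build (not send) the POST; the token goes in as the Basic-auth user name."""
    url = base_url.rstrip("/") + "/" + ENDPOINT
    req = urllib.request.Request(url, data=urllib.parse.urlencode(params).encode(), method="POST")
    auth = base64.b64encode(f"{admin_token}:".encode()).decode()
    req.add_header("Authorization", "Basic " + auth)
    return req


# Constructed sample mapping; the logins and identities are made up.
SAMPLE = "login,new_identity\nalice,alice@example.org\nbob,\n"

if __name__ == "__main__":  # dry run: requests are built and printed, never sent
    for p in plan_migration(SAMPLE, "saml"):
        r = build_request("https://sonarqube.example.org", "ADMIN_TOKEN_PLACEHOLDER", p)
        print(r.get_method(), r.full_url, r.data.decode())
```

Because a migrated user can only authenticate on the new identity provider, reviewing the printed plan before sending anything is the point of the dry run.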

              People

              Assignee:
              jacek.poreda Jacek Poreda
              Reporter:
              julien.lancelot Julien Lancelot
              Votes:
              8
              Watchers:
              11