Details

      Description

      User authentication can be achieved through third-party systems (proxies/servers) in front of SQ server. HTTP requests reach SQ server after being authenticated and include HTTP headers containing user information (login but also optional fields like name or email).

      This mechanism is named "Remote User Token Authentication" in Nexus : http://books.sonatype.com/nexus-book/reference/rutauth.html.

      Here are the list of properties that will be added in sonar.properties to active this feature :

      #--------------------------------------------------------------------------------------------------
      # AUTHENTICATION
      
      # Enable authentication using HTTP headers
      #sonar.web.sso.enable=false
      
      # Name of the header to get the user login.
      # Only alphanumeric, '.' and '@' characters are allowed
      #sonar.web.sso.loginHeader=X-Forwarded-Login
      
      # Name of the header to get the user name
      #sonar.web.sso.nameHeader=X-Forwarded-Name
      
      # Name of the header to get the user email (optional)
      #sonar.web.sso.emailHeader=X-Forwarded-Email
      
      # Name of the header to get the list of user groups, separated by comma (optional).
      # If the sonar.sso.groupsHeader is set, the user will belong to those groups if groups exist in SonarQube. 
      # If none of the provided groups exists in SonarQube, the user won't belong to any group.
      # Note that the default group will NOT be automatically added when using SSO, it should be provided in the groups list, if needed.
      #sonar.web.sso.groupsHeader=X-Forwarded-Groups
      
      # Interval used to know when to refresh name, email and groups.
      # During this interval, if for instance the name of the user is changed in the header, it will only be updated after X minutes.
      #sonar.web.sso.refreshIntervalInMinutes=5
      
      1. apache_login.png
        146 kB
      2. config.png
        368 kB
      3. logged_in.png
        131 kB

        Issue Links

          Activity

          Hide
          teryk.bellahsene Teryk Bellahsene added a comment -

          reviewed

          Show
          teryk.bellahsene Teryk Bellahsene added a comment - reviewed
          Hide
          remko.gerbranda Remko Gerbranda added a comment -

          I have a problem with sonar.web.sso.groupsHeader

          The groups returned by our IdP are separated by a semi-column
          And the values are the distinguished names

          LDAP attribute memberOf

          Example:
          memberOf: cn=sonar-administrators,ou=SonarQube,ou=Groups,dc=finalist,dc=lcl;cn=sonar-users,ou=SonarQube,ou=Groups,dc=finalist,dc=lcl

          I would like to have the option sonar.web.sso.groupsSeparator

          It would be nice if the script could filter out the cn

          Show
          remko.gerbranda Remko Gerbranda added a comment - I have a problem with sonar.web.sso.groupsHeader The groups returned by our IdP are separated by a semi-column And the values are the distinguished names LDAP attribute memberOf Example: memberOf: cn=sonar-administrators,ou=SonarQube,ou=Groups,dc=finalist,dc=lcl;cn=sonar-users,ou=SonarQube,ou=Groups,dc=finalist,dc=lcl I would like to have the option sonar.web.sso.groupsSeparator It would be nice if the script could filter out the cn
          Hide
          julien.lancelot Julien Lancelot added a comment -

          Remko Gerbranda Thanks for this feedback, please use the mailing list to discuss about this use case.

          Show
          julien.lancelot Julien Lancelot added a comment - Remko Gerbranda Thanks for this feedback, please use the mailing list to discuss about this use case.
          Hide
          remko.gerbranda Remko Gerbranda added a comment -

          Julien Lancelot Can you guide me to the mailing list?

          Show
          remko.gerbranda Remko Gerbranda added a comment - Julien Lancelot Can you guide me to the mailing list?
          Show
          julien.lancelot Julien Lancelot added a comment - Remko Gerbranda Please use https://groups.google.com/forum/#!forum/sonarqube

            People

            • Assignee:
              julien.lancelot Julien Lancelot
              Reporter:
              simon.brandhof Simon Brandhof
            • Votes:
              16 Vote for this issue
              Watchers:
              23 Start watching this issue

              Dates

              • Due:
                Created:
                Updated:
                Resolved: