Details

      Description

      User authentication can be achieved through third-party systems (proxies/servers) in front of SQ server. HTTP requests reach SQ server after being authenticated and include HTTP headers containing user information (login but also optional fields like name or email).

      This mechanism is named "Remote User Token Authentication" in Nexus : http://books.sonatype.com/nexus-book/reference/rutauth.html.

      Here are the list of properties that will be added in sonar.properties to active this feature :

      #--------------------------------------------------------------------------------------------------
      # AUTHENTICATION
      
      # Enable authentication using HTTP headers
      #sonar.web.sso.enable=false
      
      # Name of the header to get the user login.
      # Only alphanumeric, '.' and '@' characters are allowed
      #sonar.web.sso.loginHeader=X-Forwarded-Login
      
      # Name of the header to get the user name
      #sonar.web.sso.nameHeader=X-Forwarded-Name
      
      # Name of the header to get the user email (optional)
      #sonar.web.sso.emailHeader=X-Forwarded-Email
      
      # Name of the header to get the list of user groups, separated by comma (optional).
      # If the sonar.sso.groupsHeader is set, the user will belong to those groups if groups exist in SonarQube. 
      # If none of the provided groups exists in SonarQube, the user won't belong to any group.
      # Note that the default group will NOT be automatically added when using SSO, it should be provided in the groups list, if needed.
      #sonar.web.sso.groupsHeader=X-Forwarded-Groups
      
      # Interval used to know when to refresh name, email and groups.
      # During this interval, if for instance the name of the user is changed in the header, it will only be updated after X minutes.
      #sonar.web.sso.refreshIntervalInMinutes=5
      
      1. apache_login.png
        146 kB
      2. config.png
        368 kB
      3. logged_in.png
        131 kB

        Issue Links

          Activity

          Hide
          julien.lancelot Julien Lancelot added a comment -

          Remko Gerbranda Thanks for this feedback, please use the mailing list to discuss about this use case.

          Show
          julien.lancelot Julien Lancelot added a comment - Remko Gerbranda Thanks for this feedback, please use the mailing list to discuss about this use case.
          Hide
          remko.gerbranda Remko Gerbranda added a comment -

          Julien Lancelot Can you guide me to the mailing list?

          Show
          remko.gerbranda Remko Gerbranda added a comment - Julien Lancelot Can you guide me to the mailing list?
          Show
          julien.lancelot Julien Lancelot added a comment - Remko Gerbranda Please use https://groups.google.com/forum/#!forum/sonarqube
          Hide
          ivette07mar Ivette M. added a comment -

          Hello, I configured this plug-in from https://github.com/jabbera/IisRemoteUserTokenAuthentication/blob/master/README.md in my SONARQUBE server , looks like it is working but I need your help to confirm if the Security /Force User Authentication in Sonarqube needs to be disabled (Forcing user authentication prevents anonymous users from accessing the SonarQube UI, or project data via the Web API.Some specific read-only Web APIs, including those required to prompt authentication, are still available anonymously.) this option is under Admin/Configuration/Security tabs .... cause if I enabled this again , the website asks me for some credentials and stays in a loop in sonarqube main page and it ask me again and again for credentials... until I give up...
          I just want to be sure the authentication in sonarqube needs to be disabled ...or enabled and if that is the case how can I fix the issue of asking me again and again for my credentials.
          Thank you very much!

          Show
          ivette07mar Ivette M. added a comment - Hello, I configured this plug-in from https://github.com/jabbera/IisRemoteUserTokenAuthentication/blob/master/README.md in my SONARQUBE server , looks like it is working but I need your help to confirm if the Security /Force User Authentication in Sonarqube needs to be disabled (Forcing user authentication prevents anonymous users from accessing the SonarQube UI, or project data via the Web API.Some specific read-only Web APIs, including those required to prompt authentication, are still available anonymously.) this option is under Admin/Configuration/Security tabs .... cause if I enabled this again , the website asks me for some credentials and stays in a loop in sonarqube main page and it ask me again and again for credentials... until I give up... I just want to be sure the authentication in sonarqube needs to be disabled ...or enabled and if that is the case how can I fix the issue of asking me again and again for my credentials. Thank you very much!
          Hide
          nicolas.bontoux Nicolas Bontoux added a comment -

          Hi Ivette M. , please do not seek help/discussion directly in Jira tickets, here's the go-to place to exchange with our community: https://community.sonarsource.com/

          Show
          nicolas.bontoux Nicolas Bontoux added a comment - Hi Ivette M. , please do not seek help/discussion directly in Jira tickets, here's the go-to place to exchange with our community: https://community.sonarsource.com/

            People

            • Assignee:
              julien.lancelot Julien Lancelot
              Reporter:
              simon.brandhof Simon Brandhof
            • Votes:
              16 Vote for this issue
              Watchers:
              24 Start watching this issue

              Dates

              • Due:
                Created:
                Updated:
                Resolved: