ActiveDirectoryPassword SQL Auth

I am trying to configure SQL to use ActiveDirectoryPassword authentication. I am getting this error:

“Failed to load MSAL4J Java library for performing ActiveDirectoryPassword authentication”

I have done this same configuration setup with other applications that use java so I know what JAR files I need (azure-identity, msal, and a few others) but I cannot seem to get the application to use them.

Has anyone else got this to work and if so, where do I need to have those JAR files for the application to use them?

Hey there.

You’re missing some important information listed in the topic template.

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)

Server: Windows Server 2016 Datacenter
Database: Azure SQL
Version: SonarQube Developer Edition - Version 8.9.7 (build 52159)
Plugins:

  • Azure Active Directory Authenication Plug-in

Extensions: None

Thanks.

This is not something we’ve tested – and would require managing to add the MSAL library to the classpath of your SonarQube’s web process… at which point things get “hacky” and I’m not comfortable going further.

I’m happy to move this thread to the Product Manager for a Day category for SonarQube. First, it could be great if you gave some additional context about why you prefer this authentication mechanism over others.

Thanks for the update. That would be great if you would move to Product Manager for a Day!

The main reason that we like to use ActiveDirectoryPassword authentication is for security purposes. With SQL authentication user credentials are stored in SQL itself where ActiveDirectoryPassword uses Azure Active Directory.

Also, adding the MSAL library (or allowing customers to add classpath entries via the sonar.properties file similar to the wrapper.config) would allow customers that use Azure SQL Managed Instances to utilize ActiveDirectoryIntegrated authentication which is Azure’s equivalent to Integrated Authentication.

Here is a link that might give some insight into more of the differences.

I should also clarify that we cannot use ActiveDirectoryIntegrated because it requires a federation flow and we use Pass-Through instead of ADFS.