Authentiction protocol

nbislicense · April 24, 2020, 2:38pm

which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
what are you trying to achieve
what have you tried so far to achieve this

The version is Sonarqube 7.6
I’m stigging the sonarqube application server.
I would like to know what protocol is used to provide the secure authentication. If SOAP is used, does the application server provide extension to the SOAP protocol that provide secure authentication?

Wouter_Admiraal · April 27, 2020, 12:58pm

Hi @nbislicense,

We do not use SOAP. All communication with SonarQube happens via HTTP (HTTPS being highly recommended). Authentication and authorization happen using one of the following methods:

A token generated by the user (mostly for analysing code, and third-party tool access)
A JWT session (for the UI)

ganncamp · October 13, 2020, 3:47pm

FYI, from SonarQube 8.5 you’ll find new releases in the Iron Bank.

Ann

Topic		Replies	Views
SSL mutual authentication SonarQube Server / Community Build sonarqube	5	842	October 13, 2020
Cached authenticators SonarQube Server / Community Build sonarqube	3	466	October 13, 2020
Stig sonqrqube application server SonarQube Server / Community Build sonarqube	2	469	October 13, 2020
DoD Application Security and Development STIG Questions SonarQube Server / Community Build security	5	2928	February 11, 2021
Unique session identifiers SonarQube Server / Community Build sonarqube	2	828	October 13, 2020

Authentiction protocol

Related topics