Best practice: How to realize SSO in conjunction with LDAPS

Hi there,

what is the “most easy or default” way to combine SSO (no tippytappy passwordstuff) with user/group auth via LDAPS?

Please advise me, if you might be able to suggest something :innocent:

Background:

I have realized a PoC handling the auth - integration via LDAPS settings and i am now trying the next step: Removing manual login procedures.

Whoa, dude! Is this a fishy fishing hack attempt?! I need to enter my credentials on the intranet???

After having read a 2-3 year old threa[d|t] :smiling_imp: which seems spot on but the answer slightly seems to question the question i am not really any wiser as to:

How do i best combine auth via LDAPS with SSO via $solution? I understand that those are two separate concepts … but how do i best combine them?

cheers
Daniel

Hey there.

Sounds like you’re looking for something like HTTP Header Authentication or SAML Authentication – SonarQube’s LDAP functionality does not allow for SSO (no tippytappy passwordstuff).

Hi @Colin_SonarSource !

I hope i am not expressing myself as too dumb here, but could you please expand on: XOR or AND? :nerd_face:

As SQs LDAP functionality does not allow for SSO would i best use

  • HTTP Header Auth / SAML in addition to LDAPS or
  • HTTP Header Auth / SAML or LDAPS

Having delivered “The groups a user is member of” via HTTP-Header-Value made me consider this question. Because why would i then need the LDAP-Auth? Maybe for example for a manual login by someone else at my PC (which would obviously accept to use tippitappy to enter different credentials)? :thinking:

Cheers
Daniel

Exclusive or.

HTTP Header Auth / SAML or LDAPS

The former are your options for a more SSO-like experience.

1 Like

TYVM :+1:

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.