Is it possible to use multi Authentication schemes [Azure AD / SonarQube User management] to log in Users?

SonarQube version 8.2

Is it possible to use multi Authentication schemes such as Azure AD / SonarQube User management to log in Users in a single SonarQube installation?

Hi,

Welcome to the community!

There are actually a couple things here. If you’re using delegated authentication (e.g. Log in with GitHub, Azure DevOps, etc.) you can use multiple of them at one time. If we’re talking about LDAP, SAML or HTTP header auth, you can only pick one.

At the same time, the native SonarQube user management is there as a fallback. IIRC, it’s tried automatically if LDAP auth fails & here it is in a “Log in with…” context:
 
HTH,
Ann

Thanks for your response.
It is interesting to see SonarQube integration with Azure DevOps to authenticate Users. I tried to look up documentation on this and was unsuccessful; it would help tremendously if you could point me to the appropriate documentation. Thanks.

Uhm… it appears I may have misspoken, because I’m not finding those docs either. I’m going to do some digging.

 
Ann

Hi,

Sorry to have misled you. This kind of easy-peasy integration isn’t available for Azure DevOps Server, the way it is for GitHub & GitLab. There’s a community plugin and Azure AD via SAML, but that’s it.

 
:slightly_frowning_face:
Ann

Thanks much Ann

Hello Ann,

Thanks for your help with Altaf on this issue.

I’m working with him on setting up AD Integration, and there is one area that’s not clear in the Microsoft Documents for the SAML setup.

Once the AD Integration has been set up, the documentation says to reach out to SonarQube Support for help with the local application user setup to be used with SSO.

Do you have any details on this, or a link to another document for the local user setup part, so that when a user logs in through the AD Integration, it has a local user to bind with and allow access?

Thanks and Regards,

Richard.

Hi @RichardC ,

Welcome to SonarSource Community!

That section of the tutorial is incorrect. You do not need to contact our support team nor do you need to create the user locally inside SonarQube. Once you log in with SAML, the user will automatically bind to a SonarQube user that is linked to the user in Azure Active Directory. Just ignore that part of the tutorial and continue it.

Also, the “Sign on URL” on the Azure AD side is not necessary. The tutorial mentions production or dev environment URLs, but for SonarQube SAML purposes, it’s not used. To play it safe, you can just use your public HTTPS URL (i.e. the sonar.core.serverBaseURL value) as your “Sign on URL”. For more information, please see Microsoft’s official SAML docs: Understand SAML-based single sign-on (SSO) for apps in Azure Active Directory | Microsoft Docs

Regards,
Joe

Hello Joe,

Thank you for the response … We seem to be able to get through the Microsoft SSO portion and get redirected to the Reply URI … This is where we see the following from SonarQube:

We’ve tried everything we can think of, but we can’t get SonarQube to log us in with the SSO Account.

Everything is correct as per the documentation … But there’s not much direction in relation to SAML and Azure AD.

Is there anything you could suggest?

Thanks and Regards,

Richard.