LDAP Active Directory works but having to authenticate (SSO doesn't seem to work)


(Jeff Ruel) #1

I have set up SonarQube 7.5 on a Windows 2016 Server.

I’m using IIS as a reverse-proxy with URLRewrite module to access SonarQube with https (SSL).

I have configured the LDAP integration with Active Directory.

It works because if i enter my AD userrname and password, i can log into SonarQube.

But i’d like to achieve SSO, so that i wouldn’t have to login again in SonarQube (my current login should be used automatically and i shouldn’t have to log in again).

Am i missing something ?

Thanks !

Jeff


(Julien Lancelot) #2

Hi @Jeff_Zapotoczny,

In order to be able to not have to authenticate on SonarQube, you should use the HTTP Header Authentication.

Regards,
Julien Lancelot


(Jeff Ruel) #3

Thanks for the quick reply Julien.

So with the actual LDAP plugin, there is no way to achieve SSO if i understand correctly ?

Jeff


(Julien Lancelot) #4

Indeed


(Jeff Ruel) #5

If i go with my own reverse-proxy solution, i need it to be able to send the X-Forwarded-Groups header if i want some users to be in an administrators group instead of all users being in the default group :
#Name of the header to get the list of user groups, separated by comma (optional).

If the sonar.sso.groupsHeader is set, the user will belong to those groups if groups exist in SonarQube.

If none of the provided groups exists in SonarQube, the user will only belong to the default group.

Note that the default group will always be set.

#sonar.web.sso.groupsHeader=X-Forwarded-Groups

Am i understanding correctly ?

Jeff


(Julien Lancelot) #6

Users will always be assigned to the default group.
If you want them to also be assigned to other groups, you need indeed to use sonar.sso.groupsHeader.


(Jeff Ruel) #7

I had high hopes for the LDAP plugin with SSO because of this article i stumbled upon :
https://devblogs.microsoft.com/devops/support-for-active-directory-and-single-sign-on-sso-in-the-sonarqube-ldap-plugin/

I know it concerns version 1.5 of the plugin (and with SonarQube 7.5, the plugin is at version 2.2) but i was thinking it would still be possible.

Thanks again for your quick assistance !

Jeff