I have set up SonarQube 7.5 on a Windows 2016 Server.

I’m using IIS as a reverse-proxy with URLRewrite module to access SonarQube with https (SSL).

I have configured the LDAP integration with Active Directory.

It works because if i enter my AD userrname and password, i can log into SonarQube.

But i’d like to achieve SSO, so that i wouldn’t have to login again in SonarQube (my current login should be used automatically and i shouldn’t have to log in again).

Am i missing something ?

Thanks !

Jeff

Hi @Jeff_Zapotoczny,

In order to be able to not have to authenticate on SonarQube, you should use the HTTP Header Authentication.

Regards,
Julien Lancelot

Thanks for the quick reply Julien.

So with the actual LDAP plugin, there is no way to achieve SSO if i understand correctly ?

Jeff

Indeed

If i go with my own reverse-proxy solution, i need it to be able to send the X-Forwarded-Groups header if i want some users to be in an administrators group instead of all users being in the default group :
#Name of the header to get the list of user groups, separated by comma (optional).

If the sonar.sso.groupsHeader is set, the user will belong to those groups if groups exist in SonarQube.

If none of the provided groups exists in SonarQube, the user will only belong to the default group.

Note that the default group will always be set.

#sonar.web.sso.groupsHeader=X-Forwarded-Groups

Am i understanding correctly ?

Jeff

Users will always be assigned to the default group.
If you want them to also be assigned to other groups, you need indeed to use sonar.sso.groupsHeader.

I had high hopes for the LDAP plugin with SSO because of this article i stumbled upon :
https://devblogs.microsoft.com/devops/support-for-active-directory-and-single-sign-on-sso-in-the-sonarqube-ldap-plugin/

I know it concerns version 1.5 of the plugin (and with SonarQube 7.5, the plugin is at version 2.2) but i was thinking it would still be possible.

Thanks again for your quick assistance !

Jeff