Not able to configure SonarQube with Azure SQL with authentication=ActiveDirectoryManagedIdentity

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension) => SonarQube 10.1.0 (evaluation version)
  • how is SonarQube deployed: zip, Docker, Helm => via zip (from SonarQube)
  • what are you trying to achieve => Trying to set up SonarQube with Azure SQL DB without hardcoding any user and password anywhere in the SonarQube host

SonarQube Environment Context:

  • SonarQube version : 10.1.0 (evaluation version)

  • Java : java 17.0.7 2023-04-18 LTS Java(TM) SE Runtime Environment (build 17.0.7+8-LTS-224) Java HotSpot(TM) 64-Bit Server VM (build 17.0.7+8-LTS-224, mixed mode, sharing)

  • SonarQube Host: Windows Server 2019 Datacenter (in Azure)

  • SonarQube HOST is configured with System Assigned Managed Identity

  • Azure SQL DB configured with the correct Managed Identity configurations, verified with SQL Server Management Studio from the SonarQube VM

  • SonarQube property files => * sonar.jdbc.url=jdbc:sqlserver://my-sqlserver.database.windows.net:1433;database=ms-sql-db-sonar;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;user=<SONAR VM IdentityId>;Authentication= ActiveDirectoryManagedIdentity ;

    • Microsoft SQL JDBC Driver version (built-in with SonarQube): mssql-jdbc-12.2.0.jre11
    • SonarQube is currently running in console mode

Error received in web log:
We are facing the following issue when starting Sonar by executing StartSonar from (\bin\windows-x86-64):

2023.07.14 21:41:33 ERROR web[][c.z.h.p.HikariPool] HikariPool-1 - Exception during pool initialization.
com.microsoft.sqlserver.jdbc.SQLServerException: Failed to load MSAL4J Java library for performing ActiveDirectoryManagedIdentity authentication.
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.getFedAuthToken(SQLServerConnection.java:5642)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.onFedAuthInfo(SQLServerConnection.java:5618)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.processFedAuthInfo(SQLServerConnection.java:5463)
    at com.microsoft.sqlserver.jdbc.TDSTokenHandler.onFedAuthInfo(tdsparser.java:311)
    at com.microsoft.sqlserver.jdbc.TDSParser.parse(tdsparser.java:131)
    at com.microsoft.sqlserver.jdbc.TDSParser.parse(tdsparser.java:42)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.sendLogon(SQLServerConnection.java:6490)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.logon(SQLServerConnection.java:5068)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection$LogonCommand.doExecute(SQLServerConnection.java:5002)

Query:

  • Does SonarQube support the “ActiveDirectoryManagedIdentity” authentication mode with Azure SQL DB at all?

  • If the above is supported, can anybody help describe the steps to configure it properly?

  • If the above is not supported at all, is there any simple way to completely secure the user and password information of the SQL connection in SonarQube? As of now, it is hardcoded in the sonar.properties file.

Hi,

I guess you’re trying to use “integrated security”? If so, the docs cover this.

HTH,
Ann

Hello G Ann Campbell,

Thanks for your response. I already followed the docs but still no luck.

I found the solution by myself. But I am still not sure about the root cause.

Actually, what I found is that the built-in mssql driver “mssql-jdbc-12.2.0.jre11” that shipped with SonarQube 10.1.0 (evaluation version) was NOT working with the above context/configurations.

Instead, I downloaded mssql-jdbc-11.2.3.jre17.jar from Maven, and only then did it work for SonarQube 10.1.0 (evaluation version).

Similarly, for SonarQube 9.9 (LTS) (evaluation version) => only the mssql-jdbc-11.2.2.jre17.jar driver works (instead of the built-in drivers).

Thanks
Mithun

Hi Mithun,

Thanks for coming back with this valuable information! I’m going to pass it on internally.

Ann

Hi G Ann Campbell,

Thanks a lot for your co-ordination.

Please be informed that for the above-mentioned driver, the SQL connection string needs to be adjusted as follows:

sonar.jdbc.url=jdbc:sqlserver://tcp:[[server name]].database.windows.net,1433;database=[[db name]];encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;Authentication=ActiveDirectoryMSI

As per the Microsoft documentation.

Just sharing with you, in case you require that.

Thanks
Mithun

1 Like
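
A small audit of a sonar.properties file against the goal stated in this thread: no stored database password, a managed identity `Authentication` mode, and an encrypted connection with certificate validation left on. This is an added example, not code from the posters or from SonarQube; the sample files, host name and function names are constructed, and comparing connection property names case-insensitively is an assumption of the example.

```python
# Managed identity modes named in the thread (compared in lowercase; assumption).
MI_MODES = {"activedirectorymanagedidentity", "activedirectorymsi"}

def parse_props(text):
    """Parse key=value lines of a .properties file, skipping comments and blanks."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def jdbc_params(url):
    """Return the ;key=value connection properties of a jdbc:sqlserver URL."""
    params = {}
    for part in url.split(";")[1:]:  # first segment is jdbc:sqlserver://host:port
        if "=" in part:
            key, value = part.split("=", 1)
            params[key.strip().lower()] = value.strip()
    return params

def audit(text):
    """Return a list of findings for one sonar.properties file (empty list = clean)."""
    props = parse_props(text)
    p = jdbc_params(props.get("sonar.jdbc.url", ""))
    findings = []
    if props.get("sonar.jdbc.password") or "password" in p:
        findings.append("password stored in sonar.properties")
    if p.get("authentication", "").lower() not in MI_MODES:
        findings.append("Authentication is not a managed identity mode")
    if p.get("encrypt", "").lower() != "true":
        findings.append("encrypt is not explicitly true")
    if p.get("trustservercertificate", "false").lower() == "true":
        findings.append("trustServerCertificate=true disables certificate validation")
    return findings

# Constructed sample files (placeholder host and credentials).
HARDCODED = """sonar.jdbc.username=sonar
sonar.jdbc.password=example-password
sonar.jdbc.url=jdbc:sqlserver://example.database.windows.net:1433;database=sonar;encrypt=true;trustServerCertificate=true
"""
MANAGED = ("sonar.jdbc.url=jdbc:sqlserver://example.database.windows.net:1433;"
           "database=sonar;encrypt=true;trustServerCertificate=false;"
           "hostNameInCertificate=*.database.windows.net;loginTimeout=30;"
           "Authentication=ActiveDirectoryMSI\n")

if __name__ == "__main__":
    for name, text in (("hardcoded", HARDCODED), ("managed", MANAGED)):
        print(name, audit(text) or "OK")
```
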
