Not able to configure SonarQube with Azure SQL with authentication=ActiveDirectoryManagedIdentity

sen.mithun.383 · July 17, 2023, 6:30am

which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension) => SonarQube 10.1.0 (evaluation version)
how is SonarQube deployed: zip, Docker, Helm => via. zip (from SonarQube)
what are you trying to achieve => Trying to setup SonarQube with Azure SQL DB without hardcoding any user and password anywhere in the SonarQube host

SonarQube Environment Context:

SonarQube version : 10.1.0 (evaluation version)
Java : java 17.0.7 2023-04-18 LTS Java(TM) SE Runtime Environment (build 17.0.7+8-LTS-224) Java HotSpot(TM) 64-Bit Server VM (build 17.0.7+8-LTS-224, mixed mode, sharing)
SonarQube Host: Windows Server 2019 Datacenter (in Azure)
SonarQube HOST is configured with System Assigned Managed Identity
Azure SQL DB configured with the correct Managed Identity configurations, verified with Sql Server Management Studio from SonarQube VM
SonarQube property files => * sonar.jdbc.url=jdbc:sqlserver://my-sqlserver.database.windows.net:1433;database=ms-sql-db-sonar;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;user=<SONAR VM IdentityId>;Authentication= ActiveDirectoryManagedIdentity ;
- Microsoft SQL JDBC Driver version (built-in with SonarQube): mssql-jdbc-12.2.0.jre11
- SonarQube is executing as of now in a Console mode

Error received in web log:
Facing the following Issue when we are starting the sonar by executing StartSonar from (\bin\windows-x86-64):

2023.07.14 21:41:33 ERROR web[][c.z.h.p.HikariPool] HikariPool-1 - Exception during pool initialization.
com.microsoft.sqlserver.jdbc.SQLServerException: Failed to load MSAL4J Java library for performing ActiveDirectoryManagedIdentity authentication.
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.getFedAuthToken(SQLServerConnection.java:5642)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.onFedAuthInfo(SQLServerConnection.java:5618)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.processFedAuthInfo(SQLServerConnection.java:5463)
    at com.microsoft.sqlserver.jdbc.TDSTokenHandler.onFedAuthInfo(tdsparser.java:311)
    at com.microsoft.sqlserver.jdbc.TDSParser.parse(tdsparser.java:131)
    at com.microsoft.sqlserver.jdbc.TDSParser.parse(tdsparser.java:42)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.sendLogon(SQLServerConnection.java:6490)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.logon(SQLServerConnection.java:5068)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection$LogonCommand.doExecute(SQLServerConnection.java:5002)

Query:

Is at all SonarQube supports the “ActiveDirectoryManagedIdentity” Authentication mode with Azure SQL DB?
If the above is supported, Can anybody help me to describe the steps to configure it properly?
If at all the above is not supported, Is there any simple way to completely secure the user and password information of SQL Connection in SonarQube? As of now, it is hardcoded in sonar.properties file

ganncamp · July 18, 2023, 3:29pm

Hi,

I guess you’re trying to use “integrated security”? If so, the docs cover this.

HTH,
Ann

sen.mithun.383 · July 20, 2023, 4:25pm

Hello G Ann Campbell,

Thanks for your response. I already followed the the docs but still no luck.

I found the solution by myself. But still not sure about the root cause.

Actually what I found that built-in mssql driver “mssql-jdbc-12.2.0.jre11” that shipped with SonarQube 10.1.0 (evaluation version) was NOT working as per the above context/configurations.

Instead, I downloaded the mssql-jdbc-11.2.3.jre17.jar from Maven and then only it worked for SonarQube 10.1.0 (evaluation version).

Similarly, for SonarQube 9.9 (LTS) (evaluation version) => mssql-jdbc-11.2.2.jre17.jar driver is Only working (instead of the built-in drivers)

Thanks
Mithun

ganncamp · July 20, 2023, 4:40pm

Hi Mithun,

Thanks for coming back with this valuable information! I’m going to pass it on internally.

Ann

sen.mithun.383 · July 20, 2023, 5:00pm

Hi G Ann Campbell,

Thanks a lot for your co-ordination.

Please be informed that for the above mentioned driver, the sql connection string need to be adjusted like following:

sonar.jdbc.url=jdbc:sqlserver://tcp:[[server name]].database.windows.net,1433;database=[[db name]];encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;Authentication=ActiveDirectoryMSI

As per the Microsoft documentation.

Just sharing with you, in case if you require that.

Thanks
Mithun

system · August 22, 2023, 7:06am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.