Powershell script to change login

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
  • what are you trying to achieve
  • what have you tried so far to achieve this

Recently we have implemented SSO . We have tested for 2-3 users from Postman now we want to change it for bulk users.
I am giving you an example below like what do we want to change .

Now it is -

{
​​​​​ “login” : “INHAFG” ,
“name” : “INHAFG” ,
“active” : true ,
“email” : “herbert@example.nl” ,
“groups” : [ “sonar-users” ],
“tokensCount” : 3,
“local” : false ,
“externalIdentity” : “herbert” ,
“externalProvider” : “sonarqube” ,
“avatar” : “98234989287fd115e2afa39cb3e1” }​​​​​

We are changing it to .

{​​​​​
“login” : “herbert@example.nl”
“name” : “Herbert White” ,
“active” : true ,
“email” : “herbert@example.nl” ,
“groups” : [ “sonar-users” ],
“tokensCount” : 3,
“local” : false ,
“externalIdentity” : " herbert@example.nl" ,
“externalProvider” : “aad” ,
“avatar” : “98234989287fd115e2afa39cb3e1” }​​​​​

From the above example , you can see that we are changing login and external provider .

I want your help to create a script for the same changes for the bulk user.

Could you please help me on this.

To get the result , I have written created this script -
$URI = ‘URL/api/users/update_identity_provider?login=PLAMSAU7&newExternalProvider=aad&newLogin=walter.green@ll.npa.com’ $PAT = ‘’ $AzureDevOpsAuthenicationHeader = @{Authorization = 'Basic ’ + [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes("$($PAT)")) } $response = Invoke-RestMethod -Method Post -Uri $URI -ContentType ‘application/json’ -Body $testsuite_json -Headers $AzureDevOpsAuthenicationHeader return $response

But I am getting this error -
Invoke-RestMethod : The remote server returned an error: (401) Unauthorized. At line:4 char:13 + $response = Invoke-RestMethod -Method Post -Uri $URI -ContentType 'ap … + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

Hey there.

Take a peak here to see one method of authorizing against SonarQube using Powershell.

Keep in mind you want to be using a SonarQube token, not a token from any other service (like Azure DevOps)

And pay close attention to the query parameters you use. It’s not newLogin, but newExternalIdentity.

Overall, you might find this guide helpful:

https://community.sonarsource.com/t/migrating-sonarqube-users-between-identity-providers-with-a-focus-on-ldap-saml/48653/2

Thanks a lot for the help.
The script was helpful and we got our result.

1 Like

Hi Colin , there are some service account in SonarQube . How can we implement SSO for them . For users, we were changing login , external identity and external provider but for Service account , how it is possible ?