Q: Plugin Sonarqube to Openshift Authentication

custom_plugin
plugin
sonarqube

(Jonathan Velasco) #1

Hello everyone,

I would like to know if there is plugin authentication for openshit login? Like GitHub Plugin Autentication refer: https://docs.sonarqube.org/display/PLUG/GitHub+Authentication+Plugin

I’m using Sonarqube 7.1 and
Postgres database 9.6 versions

Regards


(G Ann Campbell) #2

Hi,

To my knowledge there is no such plugin.

 
Ann


(Vinod Anandan) #3

Hi Jonathan,

Could you please let us know what version of OpenShift you are using and what is your primiary Identity Provider (IdP) ?

If you are using RedHat SSO / Keycloak as the primary identity provider (IdP), you can integrate SonarQube with IdP using OpenID Connect.

https://access.redhat.com/documentation/en-us/red_hat_jboss_middleware_for_openshift/3/html-single/red_hat_single_sign-on_for_openshift/index

Please use the following SonarQube plugin for OpenID Connect (OIDC) integration.

You will have to create an openid connect client in RedHat SSO/Keycloak and then configure the SonarQube OIDC plugin with those credentials .

In summary, if your primary identity provider supports OpenID Connect (OIDC) integration, you can integrate SonarQube with IdP using the SonarQube OIDC plugin

If you need more information, please let us know.

Thank you,

Vinod


(G Ann Campbell) #4

Hi Vinod,

Thanks for chiming in. After seeing your reply, I started to add this plugin to the Other Plugins page… and realized it was already there. So sorry @Jonathan_Velasco for the wrong information.

 
Ann


(Jonathan Velasco) #5

Ty @vinod for the answer.

Im using Openshifit container platform 3.7 version and my Identity Provider is LDAP authentication,
I am not sure if plugin work with LDAP Authentication’s Openshift or is mandatory use Keycloak because LDAP is our primery identity provider and it can not be changed

vaulttec/sonar-auth-oidc

I see this documentation
https://docs.openshift.com/container-platform/3.7/install_config/configuring_authentication.html

But not said about support or not openID plugin

Regards and ty


(Vinod Anandan) #6

NP @Jonathan_Velasco

Okay, good to know. It seems like you are using OpenShift as primary Identity Provider using LDAP Identity Store.

If you want to you can also utilize the Keycloak/SSO primary IdP which is using the same LDAP Identity Store (user will enter the same username and password )

https://docs.openshift.com/container-platform/3.7/install_config/configuring_authentication.html#OpenID

https://docs.openshift.com/container-platform/3.7/security/securing_container_platform.html#security-platform-red-hat-sso

If you prefer to choose OpenShift itself as primary IdP, then you will have to configure Keycloak/SSO as an Identity Broker and then configure OpenShift as a Social Identity Providers in your Keycloak.

https://www.keycloak.org/docs/latest/server_admin/index.html#openshift

You can then integrate SonarQube with Keycloak/SSO using OIDC.

SonarQube <-> Keycloak <-> OpenShift

Thank you,

Vinod


(Jonathan Velasco) #7

Ty very much @vinod

Sry for late reply, I was testing and now its working :smiling_face_with_three_hearts:

Regards