IJ IDEA version: 2023.1.2 Build #IU-231.9011.34, built on May 16, 2023
Operating system: MacOSX
SonarLint plugin version: 8.3.0
Programming language you’re coding in: Java/Kotlin
Is connected mode used:
Connected to SonarCloud or SonarQube (and which version): Sonarqube server v9.9.1
And a thorough description of the problem / question:
When adding a new connection the it 's impossible to get a succesful authentication by user crdentials or token
Are you able to log in directly on your SonarQube with the credentials you provided on SonarLint and was your token generated via the Create token button, or was it manually copy-pasted?
Also, has your SonarQube any network specificities like running behind a proxy for example?
There is no server logs dealing with that issue. Is there a way to capture plugins logs ? it looks the issue is located on plugin side only, or am I missing something ?
When connecting to SonarQube, do you have any kind of SSO page or interface between you and the server?
One thing to check would be the access.log of your SonarQube, can you see the request coming to the endpoint /api/authentication/validate and what is the result? For example:
You could also try to curl directly the server with your token or credentials and see if it works. If it doesn’t work then it’s not linked to SonarLint unfortunately. Here is a basic example command:
Lastly, if that’s still an issue, we could provide you a custom build with logging enabled on our HttpClient so we can make sure what is going on on the IDE side.
Dealing with the Curl operation above, the response is {"valid":false}
Having a custom build with logging enabled would be a good option imho.
Thanks by advance
The issue is probably due to the SSO gateway as shown by the curl command output.
We currently don’t support such flow, the only way to authenticate to the SonarQube web API is via HTTP Basic Authentication. This isn’t easy to handle because while most SSOs use standard protocols like HTTP Basic, Digest, or NTLM authentication, others use their own custom HTTP-based login protocol, requiring session cookies, CSRF-Token…
I’d recommend whitelisting SonarQube web APIs not to require login via SSO.
Maybe you could provide more information on your SSO provider, like the protocol used, so we could try to find a workaround.
hi
I’ve whitelisted the Sonarqube API endpoint regarding SSO login, then it’s now possible to request behind a VPN only. A simple Curl to system status results well with
However , connecting the Server from the the SonarLint IJ plugin sends an authentication failure.
May the reverse proxy running being an issue for the plugin ?
The system status endpoint does not require authentication, could you please try the curl against /api/authentication/validate endpoint as it was previously done?
Hi
Curl results with {"valid":false}, the SSO has been disabled on the endpoint however.
Please let me know if any action can be taken to tackle the issue.
SonarLint can only authenticate using a token or username/password through BASIC authentication.
If you are using a custom authentication plugin on SonarQube side, that for example is expecting a custom HTTP header to be present, then it won’t work.
I am having similar problem. Not able to link SonarLint with SonarQube server running behind cloudflare. Cloudflare authentication works with mTLS certificate but I am finding no option to configure the certificate while binding.
Considering this would be a common use case in present day, please help to overcome the challenge.
We made an update to our documentation to mention the way to provide client SSL certificates. May I let you read Advanced configuration for Connected Mode and SonarLint and let us know if this is clear enough for your use case?