Sonarlint plugin for Intellij - Version: 3.5.0.2729
Sonarqube version - 7.9
We are using LDAP authentication for the SonarQube server and using the same credentials from SonarLint for binding the remote server. If the password is updated by the user (in Active Directory) and they forget to update it in the SonarLint plugin in IntelliJ, then SonarLint continuously tries to authenticate with the old credentials and locks the accounts. I expect SonarLint to show some error if authentication fails, so that users can update the password in SonarLint, instead of SonarLint continuously retrying silently without even prompting the user about the failure.
Thanks,
Pavan
Hello Pavan, thank you for your feedback.
I understand that having your account locked by a tool that stubbornly uses outdated credentials can be annoying (been there, done that).
May I suggest that you switch to token-based authentication? Indeed, tokens generated by SonarQube are not supposed to expire when the user’s credentials change, and revocation of a SonarQube-issued token has no impact on any externally provided authentication method.
Token-based authentication has been available in SonarQube since at least the previous LTS (6.7) and is the recommended way to call Web services on server side, precisely for reasons like expiration of externally-provided credentials.
I created a ticket for us to discuss the best way to fix this issue in the medium to long term. In this regard, deprecation/drop of login/password-based authentication definitely looks like a promising option.
Kind regards,
– JB.L
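
The two points raised in this thread, token-based authentication and stopping after a rejected credential instead of retrying silently, as an added Python sketch that is not SonarLint's code or part of either post. `BoundServer`, `CredentialsRejected` and the injectable `opener` are hypothetical names; it assumes the server's `api/authentication/validate` web service and treats an HTTP 401 the same as `{"valid": false}`.

```python
import base64
import json
import urllib.error
import urllib.request


class CredentialsRejected(Exception):
    """The server refused the stored token; the user has to replace it."""


def token_auth_header(token):
    # A SonarQube user token is sent as the Basic-auth login with an empty password.
    return "Basic " + base64.b64encode(f"{token}:".encode()).decode("ascii")


class BoundServer:  # hypothetical client-side binding, not SonarLint's class
    def __init__(self, base_url, token, opener=urllib.request.urlopen):
        self.url = base_url.rstrip("/") + "/api/authentication/validate"
        self.header = token_auth_header(token)
        self.opener = opener      # injectable so the logic can be exercised offline
        self.rejected = False

    def validate(self):
        if self.rejected:
            # Fail fast: no further request is sent with a credential known to be bad.
            raise CredentialsRejected("token already rejected, update the binding")
        req = urllib.request.Request(self.url, headers={"Authorization": self.header})
        try:
            with self.opener(req, timeout=10) as resp:
                valid = bool(json.load(resp).get("valid"))
        except urllib.error.HTTPError as err:
            if err.code != 401:
                raise             # outages and 5xx are not credential failures
            valid = False         # assumption: 401 is treated like {"valid": false}
        if not valid:
            self.rejected = True
            raise CredentialsRejected("server rejected the token, update the binding")
        return True

    def replace_token(self, token):
        # Only an explicit user action re-enables authentication attempts.
        self.header = token_auth_header(token)
        self.rejected = False
```

Because the rejected state is latched, a stale credential costs one failed attempt against the directory's lockout counter rather than one per background sync.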