SonarQube on Virtual Machine / Integrated authentication with Azure AD Issue

Version Info:

  • SonarQube Developer Edition v9.7.1
  • Microsoft JDK 11.0.16.101

What am I trying to do?

  • Setup of Azure SQL database authentication for virtual machine admin account running SonarQube, using Active Directory Integrated security

What have I tried so far to achieve this?

  • I have setup a dedicated ‘sonar’ database in Azure SQL, with a ‘sonarqube’ user with create, update, and delete permissions. This user has an Azure user-assigned managed identity that has also been granted the relevant role and permissions in Azure SQL.
  • I have attempted to setup the db_owner login and user for the Windows admin account that is running the instance of SonarQube on the virtual machine. I have given this a user-assigned managed identity in Azure, with the same name as the account on the virtual machine, and as the db_owner user/login name on SQL. This managed ID has been granted the necessary role and permissions on Azure SQL. All of these steps have been done based on the installation guide, where it mentions that the Windows Account running SonarQube needs to have db_owner permissions.
  • Following the installation guide, I have downloaded and added the mssql-jdbc_auth-11.2.0.x64.dll file to the Java path on the virtual machine.
  • I have looked into the SonarQube AAD plugin, but as far as I’m aware, this is for logging into SonarQube accounts, not for SQL integrated authentication

What is going wrong?

  • After installing and starting the server, and running the StartSonar.bat script (after waiting sufficient time for the installation and startup to complete), the server encounters an error and stops.
  • The error from the logs is: com.microsoft.sqlserver.jdbc.SQLServerException: Failed to authenticate the user in Active Directory (Authentication=ActiveDirectoryIntegrated).

I think I understand that the issue is related to linking the Windows account with Azure Active Directory, but I just don’t really know what I’m missing to enable this. Due to security policies in place, SQL authentication and Windows authentication on SQL Server are disabled, so Active Directory authentication is the only option I can pursue.
Any ideas of where to go next?

Thanks in advance!

Hi,

Welcome to the community!

As I understand it, you followed the “Integrated Security” instructions for SQL Server in the docs. The one step in the docs I didn’t see you explicitly say you followed was commenting-out sonar.jdbc.username and sonar.jdbc.password. Did you?

 
Ann

Hi Ann,

Thanks for your response!
Yes, I did comment out those lines, so I don’t think it’s related to that.
Would it help if I posted my sonar.properties file for troubleshooting?

Hi,

Well, it won’t help me, because I’m in over my head at this point. :sweat_smile:

But I’ve flagged this for more expert attention, so it may help them. Just please be sure to redact sensitive information.

 
Ann

1 Like

No problem! I appreciate your help in raising this further, all the same!

The properties file is below.
The only items I have modified in this example file are the sonar.jdbc.url for MS SQL Server, and the sonar.path.data and sonar.path.temp properties.
The sonar.jdbc.url contains redacted sensitive information, but I can confirm that the actual values in the string are correct.

sonar.txt (20.4 KB)

Thanks,
Sam

Hello @sfarr-dbd,
Thanks for the information that you sent us!

Following the documentation, in the “Integrated Security” section for Microsoft SQL Server, it mentions that the sonar.jdbc.url should have the parameter integratedSecurity=true, while in the sample you send us contains Authentication=ActiveDirectoryIntegrated. Did you try the recommended parameter already?

Best regards,
Steve MARION