SonarQube server 7.4: User account lock after unsuccessful login attempts

sonarqube
authentication

(Narayanan Potti) #1

I have SonarQube 7.4 community edition. My client has a requirement that a user account in SonarQube must be locked after 3 unsuccessful login attempts. A locked user account should be automatically unlocked after a certain time out which can be configured in sonar.properties file.

I wanted to know if this feature available in SonarQube 7.4. If not, can it be included in a future release ? Any help is greatly appreciated.

Thanks
NP


(Julien Lancelot) #2

Hi,

Sorry, this feature is not available when using local accounts and I don’t think we’ll look into this in the futur.
However, when delegating authentication to an external system (LDAP, GitHub, etc.), the system has the full control on the authentication, so you should be able how to implement what you want.

You can have a look at the documentation to put in place the delegation of authentication : https://docs.sonarqube.org/latest/instance-administration/delegated-auth/

Regards,
Julien Lancelot