- Edition SonarQube Enterprise
- Version 22.214.171.124424
- SonarScanner 126.96.36.1990
- Client OS Windows Server 2016 14393.5356
I want to set up my developers to use the SonarScanner to scan their .Net and Java applications from their machines (Windows Server 2016).
We use a PIV card to sign on to our local SonarQube server so we do not use a password but when I navigate to the page to create a token, it asks for a password. How can my developers obtain a token so they can use the SonarScanner?
Is there a way to use the scanner without a token and have it connect to our local SonarQube server using the PIV card for authentication?
I am guessing that this means your users aren’t actually logged in – can you discuss more about how you enabled authentication via a PIV card? Once you’re logged in, you shouldn’t be asked to authenticate again unless your session expires / the user logs out.
When I navigate to create a token, I enter these pages:
1 - Click my account - https://SQ/sonar/account
2 - Click security - https://SQ/sonar/account/security/
3 - Enter token name and click generate -
It is at #3 that I am prompted for an id/pwd. The page title is “Log in to SonarQube” and contains a field for Login and Password.
So I agree it appears that I’m logged out of SQ at this point, why else would I be brought to a page titled “Log in to SonarQube”? But I can still access all of the SQ components (projects, q-gates, q-profiles, rules, etc.) from that same browser tab without being prompted for my PIV PIN as I would had this been a new browser tab.
So I will check with the team managing our SQ to see if they can help with this. Thank you for your help.