SonarScanner using PIV card to connect

  • Edition SonarQube Enterprise
  • Version 9.4.0.54424
  • SonarScanner 4.6.1.2450
  • Client OS Windows Server 2016 14393.5356

I want to set up my developers to use the SonarScanner to scan their .Net and Java applications from their machines (Windows Server 2016).

We use a PIV card to sign on to our local SonarQube server so we do not use a password but when I navigate to the page to create a token, it asks for a password. How can my developers obtain a token so they can use the SonarScanner?

Is there a way to use the scanner without a token and have it connect to our local SonarQube server using the PIV card for authentication?

I am guessing that this means your users aren’t actually logged in – can you discuss more about how you enabled authentication via a PIV card? Once you’re logged in, you shouldn’t be asked to authenticate again unless your session expires / the user logs out.

Hi,

When I navigate to create a token, I enter these pages:

1 - Click my account - https://SQ/sonar/account

2 - Click security - https://SQ/sonar/account/security/

3 - Enter token name and click generate -
https://SQ/sonar/sessions/new?return_to=%2Fsonar%2Faccount%2Fsecurity%2F

It is at #3 that I am prompted for an id/pwd. The page title is “Log in to SonarQube” and contains a field for Login and Password.

So I agree it appears that I’m logged out of SQ at this point, why else would I be brought to a page titled “Log in to SonarQube”? But I can still access all of the SQ components (projects, q-gates, q-profiles, rules, etc.) from that same browser tab without being prompted for my PIV PIN as I would had this been a new browser tab.

So I will check with the team managing our SQ to see if they can help with this. Thank you for your help.