Fallback to Sonar database if external security provider failed

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.14
Component/s: Authentication & Authorization
Labels:
None

Number of attachments :
0

Description

We want to use local sonar build-in users database and additionally ldap. At the moment only either or works.
E.g for the sionar pdf report plugin you need an sonar user account, because the plugin uses api which need authentification. Here we want to use a local sonar account and not need to create ldap account for it.
Secondly we need a local "backup" user account for an ldap account, in case ldap fails, and without having to change the sonar.authenticator.class

Maybe the ldap Plugin can support to have several sonar.authenticator.class, e.g
sonar.authenticator.class: org.sonar.plugins.ldap.LdapAuthenticator, org.sonar.EmbeddedAuthenticator

Issue Links

is duplicated by

SONAR-1783 ability to fallback to non-LDAP authentication when LDAP authentication fails

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Evgeny Mandrikov added a comment - 05/Jan/12 5:23 PM

In fact use-cases in description of this ticket implies that only combination of one external system + internal Sonar database required. What from a technical point of view means that we don't need chain of realms, but just fallback to Sonar database.

Show

Evgeny Mandrikov added a comment - 05/Jan/12 5:23 PM In fact use-cases in description of this ticket implies that only combination of one external system + internal Sonar database required. What from a technical point of view means that we don't need chain of realms, but just fallback to Sonar database.

Hide

Permalink

Evgeny Mandrikov added a comment - 06/Jan/12 1:31 AM

Fallback to database added in c578ba2.

Show

Evgeny Mandrikov added a comment - 06/Jan/12 1:31 AM Fallback to database added in c578ba2 .

Hide

Permalink

Freddy Mallet added a comment - 19/Jan/12 4:18 AM

Works well Evgeny but as discussed, the ability for a user to log in when the LDAP server is not available should be an option that should not be activated by default.

Show

Freddy Mallet added a comment - 19/Jan/12 4:18 AM Works well Evgeny but as discussed, the ability for a user to log in when the LDAP server is not available should be an option that should not be activated by default.

Hide

Permalink

Freddy Mallet added a comment - 19/Jan/12 4:35 AM

Moreover, if the password policy of the external system is not the same that the Sonar's one (more than 6 characters, ...), this should not prevent the user to log in.

Show

Freddy Mallet added a comment - 19/Jan/12 4:35 AM Moreover, if the password policy of the external system is not the same that the Sonar's one (more than 6 characters, ...), this should not prevent the user to log in.

Hide

Permalink

Evgeny Mandrikov added a comment - 23/Jan/12 11:48 PM

Done in a3e3cd6.
Name of new property to control password saving - "sonar.security.savePassword".
Also note that restriction on length of password in Sonar is 4 (but not 6) and this restriction not applied for external systems.

Show

Evgeny Mandrikov added a comment - 23/Jan/12 11:48 PM Done in a3e3cd6 . Name of new property to control password saving - "sonar.security.savePassword". Also note that restriction on length of password in Sonar is 4 (but not 6) and this restriction not applied for external systems.

Hide

Permalink

Freddy Mallet added a comment - 26/Jan/12 9:32 AM

Manually tested

Show

Freddy Mallet added a comment - 26/Jan/12 9:32 AM Manually tested

Hide

Permalink

Evgeny Mandrikov added a comment - 31/Jan/12 10:27 AM

Integration tests added.

Show

Evgeny Mandrikov added a comment - 31/Jan/12 10:27 AM Integration tests added.

Hide

Permalink

Freddy Mallet added a comment - 14/Feb/12 7:44 AM

Don't know why but this feature doesn't work with the LDAP plugin.

Show

Freddy Mallet added a comment - 14/Feb/12 7:44 AM Don't know why but this feature doesn't work with the LDAP plugin.

Hide

Permalink

Evgeny Mandrikov added a comment - 14/Feb/12 4:38 PM

Indeed Freddy, seems that following use-case doesn't work and was not covered by integration tests :

set "sonar.security.savePassword" to "false" (default value)
create local Sonar user, which doesn't exist in external system, e.g. username "foo" with a password "12345"
try to login => fails, whereas we expecting success

I'm going to fix this and update integration tests.

Show

Evgeny Mandrikov added a comment - 14/Feb/12 4:38 PM Indeed Freddy, seems that following use-case doesn't work and was not covered by integration tests : set "sonar.security.savePassword" to "false" (default value) create local Sonar user, which doesn't exist in external system, e.g. username "foo" with a password "12345" try to login => fails, whereas we expecting success I'm going to fix this and update integration tests.

Hide

Permalink

Evgeny Mandrikov added a comment - 15/Feb/12 1:57 AM

Bug was on plugin side, so I fixed it as part of ~~SONARPLUGINS-1311~~ in r5110.
Integration tests updated.

Show

Evgeny Mandrikov added a comment - 15/Feb/12 1:57 AM Bug was on plugin side, so I fixed it as part of SONARPLUGINS-1311 in r5110 . Integration tests updated.

Hide

Permalink

Freddy Mallet added a comment - 15/Feb/12 4:42 AM

Manually tested

Show

Freddy Mallet added a comment - 15/Feb/12 4:42 AM Manually tested

People

Assignee:

Evgeny Mandrikov

Reporter:

cforce

Vote (1)

Watch (2)

Dates

Created:

30/Aug/11 9:01 AM

Updated:

15/Feb/12 4:49 AM

Resolved:

15/Feb/12 1:57 AM