SonarQube
  1. SonarQube
  2. SONAR-3138

Fallback to Sonar database if external security provider failed

    Details

    • Number of attachments :
      0

      Description

      We want to use the local Sonar built-in users database and additionally LDAP. At the moment only either or works.
      E.g. for the Sonar PDF report plugin you need a Sonar user account, because the plugin uses an API which needs authentication. Here we want to use a local Sonar account and not need to create an LDAP account for it.
      Secondly, we need a local "backup" user account for an LDAP account, in case LDAP fails, and without having to change the sonar.authenticator.class

      Maybe the LDAP plugin can support having several sonar.authenticator.class values, e.g.
      sonar.authenticator.class: org.sonar.plugins.ldap.LdapAuthenticator, org.sonar.EmbeddedAuthenticator

          Activity

          Evgeny Mandrikov added a comment -

          In fact, the use-cases in the description of this ticket imply that only a combination of one external system + the internal Sonar database is required. From a technical point of view, this means that we don't need a chain of realms, but just a fallback to the Sonar database.

          Evgeny Mandrikov added a comment -

          Fallback to database added in c578ba2.

          Freddy Mallet added a comment -

          Works well Evgeny but as discussed, the ability for a user to log in when the LDAP server is not available should be an option that should not be activated by default.

          Freddy Mallet added a comment -

          Moreover, if the password policy of the external system is not the same as Sonar's (more than 6 characters, ...), this should not prevent the user from logging in.

          Evgeny Mandrikov added a comment -

          Done in a3e3cd6.
          Name of new property to control password saving - "sonar.security.savePassword".
          Also note that the restriction on the length of a password in Sonar is 4 (but not 6) and this restriction is not applied for external systems.

          Freddy Mallet added a comment -

          Manually tested

          Evgeny Mandrikov added a comment -

          Integration tests added.

          Freddy Mallet added a comment -

          Don't know why but this feature doesn't work with the LDAP plugin.

          Evgeny Mandrikov added a comment -

          Indeed Freddy, it seems that the following use-case doesn't work and was not covered by integration tests:

          1. set "sonar.security.savePassword" to "false" (default value)
          2. create a local Sonar user which doesn't exist in the external system, e.g. username "foo" with a password "12345"
          3. try to log in => fails, whereas we are expecting success

          I'm going to fix this and update integration tests.

          Evgeny Mandrikov added a comment -

          Bug was on plugin side, so I fixed it as part of SONARPLUGINS-1311 in r5110.
          Integration tests updated.

          Freddy Mallet added a comment -

          Manually tested

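
A minimal model of the fallback behaviour discussed in this thread, added here as an illustration and not taken from the Sonar code base or the LDAP plugin. All class and function names are hypothetical, `save_password` stands in for "sonar.security.savePassword", and two points are assumptions of the model: a password rejected by a reachable external system is never retried against the local database, and saved passwords are stored as salted PBKDF2 digests.

```python
# Constructed model; every name here is hypothetical, not Sonar's API.
import hashlib, hmac, os

class ExternalUnavailable(Exception):
    """The external system (e.g. LDAP) cannot be reached."""

class ExternalRealm:
    """Stand-in for an LDAP directory; `up` simulates availability."""
    def __init__(self, users, up=True):
        self.users, self.up = users, up
    def check(self, login, password):
        if not self.up:
            raise ExternalUnavailable()
        if login not in self.users:
            return None  # unknown to the external system
        return hmac.compare_digest(self.users[login].encode(), password.encode())

class LocalDb:
    MIN_LEN = 4  # length limit quoted in the thread, local accounts only
    def __init__(self):
        self.creds = {}
    def set_password(self, login, password, enforce_policy=True):
        if enforce_policy and len(password) < self.MIN_LEN:
            raise ValueError("password too short")
        salt = os.urandom(16)
        self.creds[login] = (salt, self._kdf(password, salt))
    def check(self, login, password):
        if login not in self.creds:
            return False
        salt, digest = self.creds[login]
        return hmac.compare_digest(digest, self._kdf(password, salt))
    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def authenticate(login, password, external, local, save_password=False):
    try:
        verdict = external.check(login, password)
    except ExternalUnavailable:
        return local.check(login, password)  # outage: local or saved creds only
    if verdict is None:
        return local.check(login, password)  # local-only account such as "foo"
    if verdict and save_password:
        # the external policy wins: the local length rule is not applied here
        local.set_password(login, password, enforce_policy=False)
    return verdict
```

With `save_password` left at its default, an outage of the external system locks out directory users but not local accounts; enabling it trades that for keeping a verifier of each directory password in the local database.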

            People

            • Assignee:
              Evgeny Mandrikov
              Reporter:
              cforce
            • Votes:
              1
              Watchers:
              2