SonarQube

Fallback to Sonar database if external security provider failed

Details

  • Number of attachments :
    0

Description

We want to use local sonar build-in users database and additionally ldap. At the moment only either or works.
E.g for the sionar pdf report plugin you need an sonar user account, because the plugin uses api which need authentification. Here we want to use a local sonar account and not need to create ldap account for it.
Secondly we need a local "backup" user account for an ldap account, in case ldap fails, and without having to change the sonar.authenticator.class

Maybe the ldap Plugin can support to have several sonar.authenticator.class, e.g
sonar.authenticator.class: org.sonar.plugins.ldap.LdapAuthenticator, org.sonar.EmbeddedAuthenticator

Issue Links

is duplicated by

Improvement - An improvement or enhancement to an existing feature or task. SONAR-1783 ability to fallback to non-LDAP authentication when LDAP authentication fails

  • Major - Major loss of function.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Evgeny Mandrikov added a comment -

In fact use-cases in description of this ticket implies that only combination of one external system + internal Sonar database required. What from a technical point of view means that we don't need chain of realms, but just fallback to Sonar database.

Show
Evgeny Mandrikov added a comment - In fact use-cases in description of this ticket implies that only combination of one external system + internal Sonar database required. What from a technical point of view means that we don't need chain of realms, but just fallback to Sonar database.
Hide
Permalink
Evgeny Mandrikov added a comment -

Fallback to database added in c578ba2.

Show
Evgeny Mandrikov added a comment - Fallback to database added in c578ba2 .
Hide
Permalink
Freddy Mallet added a comment -

Works well Evgeny but as discussed, the ability for a user to log in when the LDAP server is not available should be an option that should not be activated by default.

Show
Freddy Mallet added a comment - Works well Evgeny but as discussed, the ability for a user to log in when the LDAP server is not available should be an option that should not be activated by default.
Hide
Permalink
Freddy Mallet added a comment -

Moreover, if the password policy of the external system is not the same that the Sonar's one (more than 6 characters, ...), this should not prevent the user to log in.

Show
Freddy Mallet added a comment - Moreover, if the password policy of the external system is not the same that the Sonar's one (more than 6 characters, ...), this should not prevent the user to log in.
Hide
Permalink
Evgeny Mandrikov added a comment -

Done in a3e3cd6.
Name of new property to control password saving - "sonar.security.savePassword".
Also note that restriction on length of password in Sonar is 4 (but not 6) and this restriction not applied for external systems.

Show
Evgeny Mandrikov added a comment - Done in a3e3cd6 . Name of new property to control password saving - "sonar.security.savePassword". Also note that restriction on length of password in Sonar is 4 (but not 6) and this restriction not applied for external systems.
Hide
Permalink
Freddy Mallet added a comment -

Manually tested

Show
Freddy Mallet added a comment - Manually tested
Hide
Permalink
Evgeny Mandrikov added a comment -

Integration tests added.

Show
Evgeny Mandrikov added a comment - Integration tests added.
Hide
Permalink
Freddy Mallet added a comment -

Don't know why but this feature doesn't work with the LDAP plugin.

Show
Freddy Mallet added a comment - Don't know why but this feature doesn't work with the LDAP plugin.
Hide
Permalink
Evgeny Mandrikov added a comment -

Indeed Freddy, seems that following use-case doesn't work and was not covered by integration tests :

  1. set "sonar.security.savePassword" to "false" (default value)
  2. create local Sonar user, which doesn't exist in external system, e.g. username "foo" with a password "12345"
  3. try to login => fails, whereas we expecting success

I'm going to fix this and update integration tests.

Show
Evgeny Mandrikov added a comment - Indeed Freddy, seems that following use-case doesn't work and was not covered by integration tests : set "sonar.security.savePassword" to "false" (default value) create local Sonar user, which doesn't exist in external system, e.g. username "foo" with a password "12345" try to login => fails, whereas we expecting success I'm going to fix this and update integration tests.
Hide
Permalink
Evgeny Mandrikov added a comment -

Bug was on plugin side, so I fixed it as part of SONARPLUGINS-1311 in r5110.
Integration tests updated.

Show
Evgeny Mandrikov added a comment - Bug was on plugin side, so I fixed it as part of SONARPLUGINS-1311 in r5110 . Integration tests updated.
Hide
Permalink
Freddy Mallet added a comment -

Manually tested

Show
Freddy Mallet added a comment - Manually tested

People

  • Assignee:
    Evgeny Mandrikov
    Reporter:
    cforce
Vote (1)
Watch (2)

Dates

  • Created:
    Updated:
    Resolved: