Question

We want to integrate CAS authentication into Sonar 3.7 LTS. We want to start working with the deprecated CAS plugin, which of course doesn't work. We already compared it with the LDAP plugin from here, whose Authenticator interestingly implements the deprecated interface LoginPasswordAuthenticator. One of the main differences is that the CAS Authenticator plugin implements Authenticator. So we altered the CAS plugin so that it implements LoginPasswordAuthenticator instead.

Now comes the clue:
In both cases, the authenticator implementing Authenticator or LoginPasswordAuthenticator, the username passed to it is null. The authentication against the CAS server works like a charm, the plugin knows the username, but Sonar asks the plugin, if it knows the user with the name null. The effect is that when we click on login we get redirected to CAS, fill in the login form and get redirected back to Sonar, still not authenticated to Sonar itself.

We also considered using container authentication but are not sure if that works with Sonar.

Now the question(s):

  • Has someone got the CAS plugin working with Sonar 3.7? If yes, how and can you provide the sources/solution/plugin?
  • Is there another way besides the suggested ones above?

One additional note: We want to use Sonar in our existing Tomcat 7, so using Sonar 4 is a way we do not really want to go because the Sonar team decided to stop war support. If anything else fails though, using it is a pain-in-the-ass-but-acceptable solution.

Thanks for your help.

Solution 2

Thanks to @psqita we got the CAS plugin for Sonar up and running with SAML 1.1. Business requirements said that no anonymous access shall be allowed. Sadly, setting forceAuthentication to true sent us into an endless loop of painful redirecting between CAS and Sonar. So we figured out that Sonar alters its behavior drastically in a way that it ignores all authentication plugins.

Our solution: As per the business requirement, we could not allow anonymous access. So we implemented another Filter that redirects conditionally to CAS. Authentication and stuff is still done by the plugin. Sadly, we still do not know why there was this endless loop in the first place, but now it doesn't happen anymore. Well that's IT I think...

Thank you for your support and happy holidays.
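
One way a conditional redirect filter like the one described in this answer can be written, as an added example that is not the poster's or the plugin's code. The class name, both URLs, the skipped path prefixes, and the reliance on the Jasig CAS client's session attribute are assumptions to adapt to your deployment.

```java
import java.io.IOException;
import java.net.URLEncoder;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Hypothetical filter: send browsers without a CAS assertion to CAS, pass everything else on. */
public class ForceCasLoginFilter implements Filter {
  // Assumed placeholder URLs. Fixed constants, never built from request headers,
  // so a forged Host header cannot change where CAS sends the user back.
  static final String CAS_LOGIN_URL = "https://cas.example.org/cas/login";
  static final String SERVICE_URL = "https://sonar.example.org/sonar/cas/validate";
  // Session key under which the Jasig CAS client stores the validated assertion.
  static final String CAS_ASSERTION = "_const_cas_assertion_";

  /** The conditions that keep the filter from redirecting its own callback (the loop). */
  static boolean mustRedirect(boolean hasAssertion, String path, boolean carriesTicket) {
    if (hasAssertion) return false;   // already validated by the plugin
    if (carriesTicket) return false;  // coming back from CAS: let the plugin validate
    // Assumed plugin and login endpoints that must stay reachable without a session.
    return !(path.startsWith("/cas/") || path.startsWith("/sessions/"));
  }

  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpSession session = request.getSession(false);
    boolean hasAssertion = session != null && session.getAttribute(CAS_ASSERTION) != null;
    // SAML 1.1 returns the artifact as SAMLart; the plain CAS protocol uses ticket.
    boolean carriesTicket = request.getParameter("SAMLart") != null
        || request.getParameter("ticket") != null;
    String path = request.getRequestURI().substring(request.getContextPath().length());
    if (mustRedirect(hasAssertion, path, carriesTicket)) {
      // With SAML 1.1 the return URL is passed as TARGET rather than service.
      String target = URLEncoder.encode(SERVICE_URL, "UTF-8");
      ((HttpServletResponse) res).sendRedirect(CAS_LOGIN_URL + "?TARGET=" + target);
      return;
    }
    chain.doFilter(req, res);
  }

  public void init(FilterConfig config) {}
  public void destroy() {}
}
```

The filter only decides whether to redirect; ticket validation and user lookup remain with the CAS plugin, as the answer states.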

OTHER TIPS

Try this fork: https://github.com/jerzykrlk/sonar-cas.

I restored the behaviour of the original plugin - it should work with Sonar 3.7. It is unofficial at the moment, and will require a manual build. But maybe it will become an official plugin at some point, again.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow