SonarQube - SSO only allow specific users access to SonarQube via Security group - sonarqube

I am implementing SSO into our SonarQube. Due to our company having so many users I want to only allow users that are within a specific security group e.g. SonarUsers. To have access to SonarQube and would be associated with a SonarUsers SonarQube Group and the same for SonarAdmins.
How/Is this possible?
Using SonarQube 6.2 and SSO Plugin 1.5.1

From a single-sign-on perspective, your only option would be to have your SSO system refuse to authenticate them. But that's probably not what you want.
On the SonarQube side, since you're delegating authentication your only option would be to refuse them permission to see anything once they've authenticated. Do that by restricting who can Browse your projects

Related

OAuth 2.0 Client IDs enable access only a groups of users in my internal organisation

I created a reverse proxy with Apache on CentOS 7.
I configured access to this site using OAuth 2.0 Client IDs on GSuite.
Now works good, and all users in my internal organization can be access on my site.
Now, my question is:
Is it possible to restrict access only to a group?
If an user is member of this group is allowed to access otherwise can't access.
It isn't possible because google API OAuth2.0 don't manage groups.

CAS default user and missing permission to Administrator Panel

I need create fake CAS server on localhost. I copy this repo and I run this. But now I have problem with access to Administration panel or something like that on user: casuser and password: Mellon.
Is there any UI to manage CAS? How can I configure CAS to use this as localhost authentication server?
Is there any UI to manage CAS?
There is a UI that would allow one to manage application registrations and policies with CAS, but as of this writing, there is no UI to manage the CAS configuration itself. The Spring Boot Admin project might be an option to research.
Today, CAS configuration more or less is a source-driven process where you configure modules via build.gradle file and relevant configuration via a cas.properties file. You'll need to edit these by hand to prep your deployment.

SonarQube Azure AD login does not place users in correct groups

I have set up Azure AD authentication on my SonarQube server as well as the corresponding app registration listed in Azure AD. The problem I am facing is that when I try to authenticate to the SonarQube portal using my Azure login, it logs me into the portal but doesn't place my account in the correct group!
My account is placed in the "sonar-users" default group when it should be fed into the other group which is named exactly the same as the group listed in Azure AD (as per the SQ documentation).
Has any one experienced any issues similar to this? If so, did you manage to resolve it?
Have you checked, that your APP-registration has the corresponding permissions to the AAD?
Sign in and read user profile
Read all users' basic profiles
Read directory data
https://github.com/hkamel/sonar-auth-aad Point 7

The difference between Spring Security LDAP VS CAS VS OpenID

In spring security I understand that there are different modules catered to different usage and among some of the modules I saw LDAP, CAS and OPENID.
From my understanding
CAS - it is only used for authentication purposes based on a SSO
LDAP - it is based on a LDAP server to authenticate users and
manage them. Am I correct?
OPENID - It is also based on a OpenID Server to authenticate users
If that is the case, why would some people use CAS instead of LDAP? Maybe it is because of different usability? Can anyone shed the difference between the 3 of them why are one more preferred than the others?
CAS as a protocol is a mechanism to provide web single signon. There is also CAS, the software platform that implements that protocol amongst many others, including openid.
OpenId is also an authentication protocol, similar to CAS, able to achieve web single sign on but more in a federated fashion.
LDAP is a protocol that defines how one should talk to a directory server. Most systems use LDAP to talk to a directory to retrieve user accounts, verify them and retrieve attributes associated with them. It has nothing to do with authentication or single sign on. CAS, the software, can be configured to find user accounts from ldap, find attributes from ldap or do other things with ldap.

Security in WAS 6.1

In WAS 6.1, when I click on Users and Groups --> Manage Users, I get error:
"You must enable administrative security and security must be activated to manage users and groups using the federated repositories feature."
How to go about solving this? I am new to WAS
What you need to do is to enable the administrative security. Typically this involves configuring your server against the file based registry or LDAP.

Resources