After trying to keep this updated for some time, I have just not been able to with all of my other demands. If anyone would like to take this project over, you are welcome to. As an alternative, you can use oauth2-proxy and HTTP Header Authentication to support ANY OAuth2/OIDC provider.
This plugin enables user authentication and Single Sign-On via Google. It is heavily based on the code by Julien Lancelot Compatible with SonarQube version 5.6 and higher.
- Releases are created with every SNAPSHOT, but only non-SNAPSHOT releases are added to the Update Center
- Snapshot releases are up for public review as release candidates
- When a SNAPSHOT is deemed of sufficient quality to release, an announcement will be sent to the SonarQube Google Group requesting feedback
- After the feedback period, the SNAPSHOT release will be re-tagged as a release and uploaded to the Update Center
- Install the plugin through the Update Center or download it into the SONARQUBE_HOME/extensions/plugins directory
- Restart the SonarQube server
In the Google Developers Console:
- Go to "Credentials"
- Click on the "Create credentials" drop-down, and select "OAuth client ID"
- Set the "Application type" to "Web application"
- Set the "Name" value to something which you will associated with SonarQube
- Set the "Authorized JavaScript origins" to the base URL of your SonarQube server web application (no path allowed)
- Set the "Authorized redirect URIs" to be:
- ${sonarBaseURL}/oauth2/callback/googleoauth
In SonarQube settings :
- Go to "Security" -> "Google"
- Set the "Enabled" property to true
- Set Google authentication URI: https://accounts.google.com/o/oauth2/v2/auth
- Set the "OAuth client ID" from the value provided by the Google OAuth consumer
- Set the "OAuth consumer Secret" from the value provided by the Google OAuth consumer
Go to the login form, a new button "Log in with Google" allow users to connect to SonarQube with their Google accounts.
Note: Only HTTPS is supported
- SonarQube must be publicly accessible through HTTPS only
- The property 'sonar.core.serverBaseURL' must be set to this public HTTPS URL
| Property | Description | Default value |
|---|---|---|
| sonar.auth.googleoauth.allowUsersToSignUp | Allow new users to authenticate. When set to 'false', only existing users will be able to authenticate to the server | true |
| sonar.auth.googleoauth.clientId.secured | Consumer Key provided by Google when registering the consumer | None |
| sonar.auth.googleoauth.clientSecret.secured | Consumer password provided by Google when registering the consumer | None |
| sonar.auth.googleoauth.enabled | Enable Google users to login. Value is ignored if consumer Key and Secret are not defined | false |
| sonar.auth.googleoauth.loginStrategy | When the login strategy is set to 'Unique', the user's login will be auto-generated the first time so that it is unique. When the login strategy is set to 'Same as Google login', the user's login will be the Google login. This last strategy allows, when changing the authentication provider, to keep existing users (if logins from new provider are the same than Google) | Unique |
| sonar.auth.googleoauth.limitOauthDomain | When set with a GApps domain, only allow users from that domain to authenticate. Can be a list by separating domains with "," | None |