MikeBirnstiehl
4 years ago
2 changed files with 30 additions and 3 deletions
+ 25
- 3
server/sonar-docs/src/pages/instance-administration/delegated-auth.md
View File
| @@ -4,7 +4,7 @@ url: /instance-administration/delegated-auth/ | |||
| --- | |||
| SonarQube comes with an onboard user database, as well as the ability to delegate authentication via HTTP Headers, GitHub Authentication, SAML, or LDAP. Each method offers user identity management, group synchronization/mapping and authentication. | |||
| SonarQube comes with an onboard user database, as well as the ability to delegate authentication via HTTP Headers, GitHub Authentication, GitLab Authentication, SAML, or LDAP. Each method offers user identity management, group synchronization/mapping, and authentication. | |||
| ## Group Mapping | |||
| When using group mapping, the following caveats apply regardless of which delegated authentication method is used: | |||
| @@ -40,7 +40,7 @@ You can delegate authentication to GitHub Enterprise using a dedicated GitHub OA | |||
| 1. You'll need to first create a GitHub OAuth application. Click [here](https://developer.github.com/apps/building-oauth-apps/creating-an-oauth-app/) for general instructions: | |||
| 1. "Homepage URL" is the public URL to your SonarQube server, for example "https://sonarqube.mycompany.com". For security reasons HTTP is not supported. HTTPS must be used. The public URL is configured in SonarQube at **[Administration -> General -> Server base URL](/#sonarqube-admin#/admin/settings)** | |||
| 1. "Authorization callback URL" is <Homepage URL>/oauth2/callback, for example "https://sonarqube.mycompany.com/oauth2/callback" | |||
| 1. In SonarQube navigate to **[Administration > Configuration > General Settings > GitHub](/#sonarqube-admin#/admin/settings?category=github)**: | |||
| 1. In SonarQube, navigate to **[Administration > Configuration > General Settings > GitHub](/#sonarqube-admin#/admin/settings?category=github)**: | |||
| 1. Set **Enabled** to `true` | |||
| 1. Set the **Client ID** to the value provided by the GitHub developer application | |||
| 1. Set the **Client Secret** to the value provided by the GitHub developer application | |||
| @@ -53,6 +53,28 @@ On the login form, the new "Log in with GitHub" button allows users to connect w | |||
| If you previously used a dedicated GitHub OAuth application for authentication, it can be removed. | |||
| ## GitLab Authentication | |||
| You can delegate authentication to GitLab using a dedicated GitLab OAuth application. | |||
| Create a GitLab OAuth application from your GitLab account. Click [here](https://docs.gitlab.com/ee/integration/oauth_provider.html/) for general instructions. | |||
| 1. In the **Name** text box, name your app SonarQube. | |||
| 1. In the **Redirect URI** text box, enter your SonarQube URL with the path `/oauth2/callback/gitlab/`. For example, `https://YourSonarQubeURL.com/oauth2/callback/gitlab/`. | |||
| 1. Under **Scopes**, select **api**. | |||
| After saving your application, GitLab gives you your **Application ID** and **Secret**. Keep these at hand, open your SonarQube instance, and navigate to **[Administration > Configuration > General Settings > Security](/#sonarqube-admin#/admin/settings?category=security/)** to finish setting up GitLab authentication: | |||
| 1. Set **Enabled** to `true`. | |||
| 1. Enter the Application ID provided by GitLab in the **Application ID** text box. | |||
| 1. Enter the Secret provided by GitLab in the **Secret** text box. | |||
| On the login form, the new "Log in with GitLab" button allows users to connect with their GitLab accounts. | |||
| ### GitLab group synchronization | |||
| Setting **Synchronize groups** to `true` associates GitLab groups with SonarQube groups of the same name (if they exist). GitLab user's inherit membership to subgroups from parent groups so a user that is a member of a group will also be a member of the group's subgroups. | |||
| To synchronize a GitLab group or subgroup with a SonarQube group, name the SonarQube group with the full path of the of the GitLab group or subgroup URL. For example, say you have a GitLab group named "My Group" with a subgroup named "My Subgroup" and the subgroup URL is `https://YourGitLabURL.com/my-group/my-subgroup`. You would name your SonarQube group `my-group/my-subgroup` to synchronize it with your GitLab subgroup. | |||
| ## SAML Authentication | |||
| You can delegate authentication to a SAML 2.0 Identity Provider using SAML Authentication. | |||
| @@ -105,7 +127,7 @@ The following example may be useful if you're using Keycloak as a SAML Identity | |||
| | * Single Role Attribute: ON | |||
| | * Full Group Path: OFF | |||
| | | |||
| | Download the XML configuration file in Installations > Format Option > SAML Metadata IDPSSODescriptor | |||
| | Download the XML configuration file from Keycloak. | |||
| [[collapse]] | |||
| | ## In SonarQube, Configure SAML authentication | |||
+ 5
- 0
server/sonar-docs/src/pages/setup/upgrade-notes.md
View File
| @@ -3,6 +3,11 @@ title: Release Upgrade Notes | |||
| url: /setup/upgrade-notes/ | |||
| --- | |||
| ## Release 8.0 Upgrade Notes | |||
| **GitLab Authentication now built in** | |||
| GitLab OAuth2 authentication is now available in all editions. Users of the community plugin must remove the plugin from SonarQube when upgrading. The configured variable of the plugin will be migrated, so the authentication will work without having to rewrite the configuration. Due to changes in group mapping, GitLab subgroups mapped using the community plugin will need to be renamed in SonarQube for the mapping to work. ([SONAR-12460](https://jira.sonarsource.com/browse/SONAR-12460)). | |||
| ## Release 7.9.1 LTS Upgrade Notes | |||
| **Upgrade on Microsoft SQL Server fixed** | |||
| Upgrade failure and performance issues with Microsoft SQL Server have been fixed ([SONAR-12260](https://jira.sonarsource.com/browse/SONAR-12260), [SONAR-12251](https://jira.sonarsource.com/browse/SONAR-12251)). | |||
Loading…