Google Authentication Plug-in for SonarQube

Description

This plugin enables user authentication and Single Sign-On via Google. It is heavily based on the code by Julien Lancelot Compatible with SonarQube version 5.6 and higher.

Feedback Process

Releases are created with every SNAPSHOT, but only non-SNAPSHOT releases are added to the Update Center
Snapshot releases are up for public review as release candidates
When a SNAPSHOT is deemed of sufficient quality to release, an announcement will be sent to the SonarQube Google Group requesting feedback
After the feedback period, the SNAPSHOT release will be re-tagged as a release and uploaded to the Update Center

Installation

Install the plugin through the Update Center or download it into the SONARQUBE_HOME/extensions/plugins directory
Restart the SonarQube server

Usage

In the Google Developers Console:

Go to "Credentials"
Click on the "Create credentials" drop-down, and select "OAuth client ID"
Set the "Application type" to "Web application"
Set the "Name" value to something which you will associated with SonarQube
Set the "Authorized JavaScript origins" to the base URL of your SonarQube server web application (no path allowed)
Set the "Authorized redirect URIs" to be:
- ${sonarBaseURL}/oauth2/callback/googleoauth

In SonarQube settings :

Go to "Security" -> "Google"
Set the "Enabled" property to true
Set Google authentication URI: https://accounts.google.com/o/oauth2/v2/auth
Set the "OAuth client ID" from the value provided by the Google OAuth consumer
Set the "OAuth consumer Secret" from the value provided by the Google OAuth consumer

Go to the login form, a new button "Log in with Google" allow users to connect to SonarQube with their Google accounts.

Note: Only HTTPS is supported

SonarQube must be publicly accessible through HTTPS only

The property 'sonar.core.serverBaseURL' must be set to this public HTTPS URL

General Configuration

Property	Description	Default value
sonar.auth.googleoauth.allowUsersToSignUp	Allow new users to authenticate. When set to 'false', only existing users will be able to authenticate to the server	true
sonar.auth.googleoauth.clientId.secured	Consumer Key provided by Google when registering the consumer	None
sonar.auth.googleoauth.clientSecret.secured	Consumer password provided by Google when registering the consumer	None
sonar.auth.googleoauth.enabled	Enable Google users to login. Value is ignored if consumer Key and Secret are not defined	false
sonar.auth.googleoauth.loginStrategy	When the login strategy is set to 'Unique', the user's login will be auto-generated the first time so that it is unique. When the login strategy is set to 'Same as Google login', the user's login will be the Google login. This last strategy allows, when changing the authentication provider, to keep existing users (if logins from new provider are the same than Google)	Unique
sonar.auth.googleoauth.limitOauthDomain	When set with a GApps domain, only allow users from that domain to authenticate. Can be a list by separating domains with ","	None