sonar-auth-gitlab-plugin

How do I configure it to allow HTTP access? We run it on an internal network and don't need HTTPS

Open loverto opened this issue 8 years ago • 7 comments

How do I configure it to allow HTTP access? We run it on an internal network and don't need HTTPS.

loverto avatar May 26 '17 05:05 loverto

Sorry, I don't understand. Please write in English. With Google translation: SonarQube requires HTTPS for OAuth.

gabrie-allaigre avatar May 26 '17 06:05 gabrie-allaigre

Our system is used on the internal network, so I think there is no need to use HTTPS. Must this plugin use HTTPS, or is that something SonarQube needs? If I do not want to use HTTPS, I can manually modify the plugin to solve this problem; I would like to know where to amend it.

loverto avatar May 26 '17 07:05 loverto

2017.05.26 09:20:02 ERROR web[AVxECceHChrxi02dAADk][o.s.s.a.AuthenticationError] Fail to initialize authentication with provider 'gitlab'

loverto avatar May 26 '17 09:05 loverto

Hi, in this case GitLab is an OAuth provider and follows the OAuth 2.0 RFC: the communication between servers must be secured, so HTTPS is mandatory. I don't know if it is possible to use it in your context, but you can use https://letsencrypt.org/ to create the certificate. Regards,

misterfifi1 avatar May 29 '17 07:05 misterfifi1

I have the same question, but I just want to know whether both SonarQube and GitLab need HTTPS or just SonarQube?

Totti0135 avatar Jul 11 '17 03:07 Totti0135

Hi, SonarQube needs HTTPS. GitLab maybe.

gabrie-allaigre avatar Jul 11 '17 07:07 gabrie-allaigre

Hi, from my point of view, following the OAuth 2.0 RFC (Section 10.9, Ensuring Endpoint Authenticity), all servers must be secured and the communication should be done through TLS (only localhost is authorised in HTTP, for test purposes). Therefore HTTPS should be activated on both.

If needed, you can create a free certificate using https://letsencrypt.org/

Regards.

misterfifi1 avatar Jul 19 '17 07:07 misterfifi1
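
The rule stated in the last comment (TLS on every endpoint, plain HTTP tolerated only on localhost for tests) written as a preflight check over the two server URLs. This is an added example, not code from the plugin or from SonarQube; the setting names and hostnames in it are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlsplit

def is_loopback_host(host):
    """True for 'localhost' or a literal loopback IP (127.0.0.0/8, ::1)."""
    if host is None:
        return False
    host = host.rstrip(".").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name such as localhost.example.com is not loopback

def check_oauth_endpoint(url):
    """Return (ok, reason) for one endpoint URL under the rule quoted above."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = parts.hostname  # drops userinfo, port and IPv6 brackets
    if not host:
        return False, "no host in URL"
    if scheme == "https":
        return True, "TLS"
    if scheme == "http" and is_loopback_host(host):
        return True, "plain HTTP on loopback (test only)"
    if scheme == "http":
        return False, "plain HTTP to a non-loopback host"
    return False, "unsupported scheme %r" % scheme

def preflight(settings):
    """Check every URL-valued setting; return the list of failing keys."""
    return [key for key, url in settings.items() if not check_oauth_endpoint(url)[0]]

# Constructed sample values; keys and hostnames are placeholders (assumptions).
SAMPLE = {
    "sonarqube_base_url": "http://sonar.intranet.example:9000",
    "gitlab_url": "https://gitlab.intranet.example",
}

if __name__ == "__main__":
    for key, url in SAMPLE.items():
        ok, reason = check_oauth_endpoint(url)
        print("%-20s %-40s %s (%s)" % (key, url, "OK" if ok else "FAIL", reason))
```

The host comparison uses the parsed hostname rather than a substring match, so URLs such as `http://localhost@host.example/` or `http://localhost.host.example/` are not treated as loopback.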