9.8 to 9.9 upgrade issue - SAML not working

arun2022 · February 25, 2023, 7:16pm

Make sure to tell us:

What version are you upgrading from? 9.8-community
System information (Operating system, Java version, Database provider/version)
What’s the issue you’re facing?

I’m not getting SAML login prompt and it just shows only normal username/password login fields.

From the logs I don’t see any errors apart from below warnings

 web[][o.s.s.a.LogOAuthWarning] For security reasons, OAuth authentication should use HTTPS. You should set the property 'Administration > Configuration > Server base URL' to a HTTPS URL.
2023.02.25 19:09:48 INFO  web[][o.s.s.p.UpdateCenterClient] Upda

02.25 19:10:24 INFO  web[][o.s.s.s.RenameDeprecatedPropertyKeys] Rename deprecated property keys
2023.02.25 19:10:24 WARN  app[][startup] ####################################################################################################################
2023.02.25 19:10:24 WARN  app[][startup] Plugin(s) detected. Plugins are not provided by SonarSource and are therefore installed at your own risk. A SonarQube administrator needs to acknowledge this risk once logged in.
2023.02.25 19:10:24 WARN  app[][startup] ####################################################################################################################
2023.02.25 19:10:24 INFO  web[][o.s.s.s.RegisterPlugins] Register plugins
2023.02.25 19:10:24 INFO  web[][o.s.s.p.w.MasterServletFilter] Initializing servlet filter org.sonar.server.platform.web.SonarLintConnectionFilter@4732ac14 [pattern=UrlPattern{inclusions=[/api/*], exclusions=[]}]

/temp/sq-process15891342916955288592properties
2023.02.25 19:10:25 INFO  web[][o.s.s.q.ProjectsInWarningDaemon] Counting number of projects in warning will be disabled as there are no more projects in warning.
19:10:26.483 [main] INFO com.github.mc1arke.sonarqube.plugin.CommunityBranchAgent - Loading agent
19:10:26.502 [main] DEBUG com.github.mc1arke.sonarqube.plugin.CommunityBranchAgent - Transforming class org.sonar.core.platform.PlatformEditionProvider
19:10:26.826 [main] DEBUG com.github.mc1arke.sonarqube.plugin.CommunityBranchAgent - Transforming class org.sonar.server.almsettings.MultipleAlmFeature
2023.02.25 19:10:27 WARN  app[][startup] ####################################################################################################################
2023.02.25 19:10:27 WARN  app[][startup] Default Administrator credentials are still being used. Make sure to change the password or deactivate the account.
2023.02.25 19:10:27 WARN  app[][startup] ####################################################################################################################
2023.02.25 19:10:27 INFO  web[][o.s.s.p.Platform] Web Server is operational
WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by org.sonar.process.PluginSecurityManager (file:/opt/sonarqube/lib/sonar-application-9.9.0.65466.jar)
WARNING: Please consider reporting this to the maintainers of org.sonar.process.P

thanks
Arun

Colin · February 27, 2023, 10:09am

Hey there.

Have you made sure your SAML configuration looks correct (and that SAML is enabled?)

arun2022 · February 27, 2023, 11:03am

Yes, Colin. SAML was already enabled (9.3 version) and was working as expected till 9.8 version.

Thank you

Colin · February 27, 2023, 1:52pm

Is it enabled now (on your SonarQube 9.9) instance?

I’m assuming you’re still able to login with a local user to check.

Aleksandr_Khomenko · February 28, 2023, 12:19pm

Hello
I have the same problem with authentification after upgrading from 9.8 to 9.9.
My Sonarqube runs in k8s and the local admin user name and password are passed via environment variables.
I googled how to force disable SAML and didn’t get any solution.
I’m not able to connect to my Sonarqube. Internal users credentials doesn’t work.
Can you give some advice on the next steps?
Can I rollback to 9.8 version or my DB already had been updated?

Updated:
Yes, hopefully, I’ve rolled back to 9.8 version and got back my SAML auth.
FYI: disabling SAML and upgrade upto 9.9. didn’t solve the problem. So I’m going to stay on 9.8

arun2022 · March 1, 2023, 12:25am

Yes, I did the same. We use SAML login only. So I Stayed with 9.8 for now.

These are my docker images
sonarqube:9.8
postgres:10.1

Colin · March 2, 2023, 3:49pm

For anybody facing issues with SAML, I think it’s important to define what you mean by “the problem”.

For @arun2022 it sounds like there was no SAML button to login with at all.
For @Aleksandr_Khomenko it sounds like the SAML login doesn’t work (but the button is there)

@arun2022 – can you share how you’ve configured your Docker container (a docker-compose.yml file, for example). It sounds like maybe your SonarQube instance isn’t connecting to the database, which is the root problem to solve.

@Aleksandr_Khomenko If login isn’t working (but the button is there), you should check the logs (specifically web.log) after a failed login to start understanding what the issue could be.

arun2022 · March 4, 2023, 4:56am

Hi Colin,

Thats correct. I don’t see the SAML button to log in. Please find the Docker compose file below.

    db:
        environment:
            POSTGRES_DB: sonarqube
            POSTGRES_PASSWORD: XXX
            POSTGRES_USER: sonar
        image: postgres:10.1
        logging:
            driver: syslog
        restart: always
        volumes:
        - /data/pg_data:/var/lib/postgresql/data
    sonarqube:
        depends_on:
        - db
        environment:
            SONARQUBE_JDBC_PASSWORD: XXX
            SONARQUBE_JDBC_URL: jdbc:postgresql://db/sonarqube
            SONARQUBE_JDBC_USERNAME: sonar
            SONAR_SEARCH_JAVAADDITIONALOPTS: -Dlog4j2.formatMsgNoLookups=true
        image: sonarqube:9.8.0-community
        logging:
            driver: awslogs
            options:
                awslogs-create-group: 'True'
                awslogs-datetime-format: \[%b %d, %Y %H:%M:%S\]
                awslogs-region: us-east-1
        ports:
        - 9000:9000
        - 9092:9092
        restart: always
        volumes:
        - /data/sonar_data:/opt/sonarqube/data

Colin · March 6, 2023, 1:55pm

These deprecated (now removed) variables no longer work. See the upgrade notes:

The deprecated SONARQUBE_JDBC_USERNAME, SONARQUBE_JDBC_PASSWORD, and SONARQUBE_JDBC_URL variables have been removed. See Environment variables for up-to-date configuration variables.

arun2022 · May 20, 2023, 1:59pm

Thanks, Colin. That worked.

Topic		Replies	Views
9.9 LTS fails to integrate with SAML authentication at upgrade SonarQube Server / Community Build	2	323	July 15, 2023
Sonar SSO not working after migration to 8.9.3 SonarQube Server / Community Build authentication , sso , saml	5	983	December 28, 2021
SAML error after upgrade to 8.4 SonarQube Server / Community Build saml	7	4970	July 27, 2020
Error after upgrading to sonarqube-8.9.7 SonarQube Server / Community Build saml	3	715	April 5, 2022
SAML authentication gives unauthorized error after upgrading from 7.9.5 to 8.9 SonarQube Server / Community Build saml , 8-9-lts-upgrade	1	855	June 8, 2021

9.8 to 9.9 upgrade issue - SAML not working

Related topics