9.8 to 9.9 upgrade issue - SAML not working

Make sure to tell us:

  • What version are you upgrading from? 9.8-community
  • System information (Operating system, Java version, Database provider/version)
  • What’s the issue you’re facing?

I’m not getting SAML login prompt and it just shows only normal username/password login fields.

From the logs I don’t see any errors apart from below warnings

 web[][o.s.s.a.LogOAuthWarning] For security reasons, OAuth authentication should use HTTPS. You should set the property 'Administration > Configuration > Server base URL' to a HTTPS URL.
2023.02.25 19:09:48 INFO  web[][o.s.s.p.UpdateCenterClient] Upda

02.25 19:10:24 INFO  web[][o.s.s.s.RenameDeprecatedPropertyKeys] Rename deprecated property keys
2023.02.25 19:10:24 WARN  app[][startup] ####################################################################################################################
2023.02.25 19:10:24 WARN  app[][startup] Plugin(s) detected. Plugins are not provided by SonarSource and are therefore installed at your own risk. A SonarQube administrator needs to acknowledge this risk once logged in.
2023.02.25 19:10:24 WARN  app[][startup] ####################################################################################################################
2023.02.25 19:10:24 INFO  web[][o.s.s.s.RegisterPlugins] Register plugins
2023.02.25 19:10:24 INFO  web[][o.s.s.p.w.MasterServletFilter] Initializing servlet filter org.sonar.server.platform.web.SonarLintConnectionFilter@4732ac14 [pattern=UrlPattern{inclusions=[/api/*], exclusions=[]}]

/temp/sq-process15891342916955288592properties
2023.02.25 19:10:25 INFO  web[][o.s.s.q.ProjectsInWarningDaemon] Counting number of projects in warning will be disabled as there are no more projects in warning.
19:10:26.483 [main] INFO com.github.mc1arke.sonarqube.plugin.CommunityBranchAgent - Loading agent
19:10:26.502 [main] DEBUG com.github.mc1arke.sonarqube.plugin.CommunityBranchAgent - Transforming class org.sonar.core.platform.PlatformEditionProvider
19:10:26.826 [main] DEBUG com.github.mc1arke.sonarqube.plugin.CommunityBranchAgent - Transforming class org.sonar.server.almsettings.MultipleAlmFeature
2023.02.25 19:10:27 WARN  app[][startup] ####################################################################################################################
2023.02.25 19:10:27 WARN  app[][startup] Default Administrator credentials are still being used. Make sure to change the password or deactivate the account.
2023.02.25 19:10:27 WARN  app[][startup] ####################################################################################################################
2023.02.25 19:10:27 INFO  web[][o.s.s.p.Platform] Web Server is operational
WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by org.sonar.process.PluginSecurityManager (file:/opt/sonarqube/lib/sonar-application-9.9.0.65466.jar)
WARNING: Please consider reporting this to the maintainers of org.sonar.process.P

thanks
Arun

Hey there.

Have you made sure your SAML configuration looks correct (and that SAML is enabled?)

Yes, Colin. SAML was already enabled (9.3 version) and was working as expected till 9.8 version.

Thank you

Is it enabled now (on your SonarQube 9.9) instance?

I’m assuming you’re still able to login with a local user to check.

Hello
I have the same problem with authentification after upgrading from 9.8 to 9.9.
My Sonarqube runs in k8s and the local admin user name and password are passed via environment variables.
I googled how to force disable SAML and didn’t get any solution.
I’m not able to connect to my Sonarqube. Internal users credentials doesn’t work.
Can you give some advice on the next steps?
Can I rollback to 9.8 version or my DB already had been updated?

Updated:
Yes, hopefully, I’ve rolled back to 9.8 version and got back my SAML auth.
FYI: disabling SAML and upgrade upto 9.9. didn’t solve the problem. So I’m going to stay on 9.8

Yes, I did the same. We use SAML login only. So I Stayed with 9.8 for now.

These are my docker images
sonarqube:9.8
postgres:10.1

For anybody facing issues with SAML, I think it’s important to define what you mean by “the problem”.

For @arun2022 it sounds like there was no SAML button to login with at all.
For @Aleksandr_Khomenko it sounds like the SAML login doesn’t work (but the button is there)

@arun2022 – can you share how you’ve configured your Docker container (a docker-compose.yml file, for example). It sounds like maybe your SonarQube instance isn’t connecting to the database, which is the root problem to solve.

@Aleksandr_Khomenko If login isn’t working (but the button is there), you should check the logs (specifically web.log) after a failed login to start understanding what the issue could be.

Hi Colin,

Thats correct. I don’t see the SAML button to log in. Please find the Docker compose file below.

    db:
        environment:
            POSTGRES_DB: sonarqube
            POSTGRES_PASSWORD: XXX
            POSTGRES_USER: sonar
        image: postgres:10.1
        logging:
            driver: syslog
        restart: always
        volumes:
        - /data/pg_data:/var/lib/postgresql/data
    sonarqube:
        depends_on:
        - db
        environment:
            SONARQUBE_JDBC_PASSWORD: XXX
            SONARQUBE_JDBC_URL: jdbc:postgresql://db/sonarqube
            SONARQUBE_JDBC_USERNAME: sonar
            SONAR_SEARCH_JAVAADDITIONALOPTS: -Dlog4j2.formatMsgNoLookups=true
        image: sonarqube:9.8.0-community
        logging:
            driver: awslogs
            options:
                awslogs-create-group: 'True'
                awslogs-datetime-format: \[%b %d, %Y %H:%M:%S\]
                awslogs-region: us-east-1
        ports:
        - 9000:9000
        - 9092:9092
        restart: always
        volumes:
        - /data/sonar_data:/opt/sonarqube/data

These deprecated (now removed) variables no longer work. See the upgrade notes:

  • The deprecated SONARQUBE_JDBC_USERNAME, SONARQUBE_JDBC_PASSWORD, and SONARQUBE_JDBC_URL variables have been removed. See Environment variables for up-to-date configuration variables.

Thanks, Colin. That worked.