9.9 LTS fails to integrate with SAML authentication at upgrade

Make sure to tell us:

  • What version are you upgrading from? 8.9 LTS to 9.9 LTS
  • What’s the issue you’re facing? SAML authentication
  • System information: I am upgrading from SonarQube 8.9 LTS to 9.9 LTS. The application is containerized as a Docker image and runs on an ECS Fargate cluster. This application also runs a PostgreSQL database, version 15.3, in the backend. In my case, both the application and the database are being upgraded in this process, from 8.9 LTS to 9.9 LTS and from PostgreSQL 13.8 to 15.3. However, after upgrading the application, I cannot log in to the 9.9 LTS application with SAML authentication. The button does exist, but whenever I try to log in, I get an error saying “You’re not authorized to access this page. please contact the administrator”. Reason: Invalid issuer in the Assertion/Response. Was ‘https://sts.windows.net/xxxxxxxxx/’, but expected ‘https://sts.windows.net/xxxxxxxxx’.

Now, from the reason, I see that the only difference between these two URLs is the extra “/” at the end. This URL is the value of sonar.auth.saml.providerId. This value is passed as an environment variable to the application container. These values are also reflected in the database, which I logged into to double-check sonar.auth.saml.providerId, but it did not have an extra “/”.

Although I cannot log in via SAML, I can log in with admin credentials. The app seems to be upgraded and all, but other users cannot log in. I am wondering what may be causing the issue with the SAML authentication. I would appreciate some sort of solution or insights.

Hi,

Welcome to the community!

Since your URLs are https, I’m guessing there’s a proxy in the mix? Can you make sure it’s not adding that trailing /?

Ann

I was able to figure out the solution. I do not know what could have been the cause, but after updating the sonar.auth.saml.providerId and sonar.auth.saml.certificate.secured values with the same values by running a couple of PostgreSQL commands, I was able to fix it. Below is the command:
-- Rewrite the stored SAML provider ID in the properties table
UPDATE properties
SET text_value = 'https://sts.windows.net/xxxxxxxx'
WHERE prop_key = 'sonar.auth.saml.providerId';

I ran the same command for sonar.auth.saml.certificate.secured and passed the corresponding cert value. I rebooted the DB and was able to log in.

I would go ahead and assume the DB had “cached” these values and running the update command after the DB upgrade “refreshed” it somehow.
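
An added diagnostic example, not part of the original thread and not SonarQube code: it pulls the Issuer values out of a base64-encoded SAML response and classifies why an exact string comparison against the configured `sonar.auth.saml.providerId` fails, as in the "Invalid issuer" error above. The sample response, the tenant placeholder and all function names are constructed for illustration; it assumes the HTTP-POST binding (plain base64) and performs no signature validation.

```python
import base64
import xml.etree.ElementTree as ET

SAML_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed, unsigned sample response with a placeholder tenant id.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>'
    '<saml:Assertion><saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>'
    '</saml:Assertion></samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def extract_issuers(saml_response_b64):
    """Return every <saml:Issuer> value (Response level and Assertion level)."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    return [el.text or "" for el in root.iter(f"{{{SAML_ASSERTION_NS}}}Issuer")]


def explain_mismatch(configured, received):
    """Classify why an exact comparison of the two issuer strings fails."""
    if configured == received:
        return "match"
    if configured.strip() == received.strip():
        return "leading/trailing whitespace"
    if configured.strip().rstrip("/") == received.strip().rstrip("/"):
        return "trailing slash"
    if configured.strip().lower() == received.strip().lower():
        return "letter case"
    return "different value"


def check(configured, saml_response_b64):
    """Map each distinct issuer in the response to its mismatch reason."""
    return {issuer: explain_mismatch(configured, issuer)
            for issuer in extract_issuers(saml_response_b64)}


if __name__ == "__main__":
    # Assumed to be the value stored for sonar.auth.saml.providerId.
    configured = "https://sts.windows.net/TENANT-ID-PLACEHOLDER"
    for issuer, reason in check(configured, SAMPLE_B64).items():
        print(f"{issuer!r} vs {configured!r}: {reason}")
```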