Add new authentication method for Sonarqube

Hello,

We currently have our SonarQube deployed on EKS.
Chart version: sonarqube-10.1.0+628, and app version: 10.1.0.

We already have the Google auth plugin as an authentication method for SonarQube, but it is archived, and in the next SonarQube version it will be obsolete. We are trying to configure SAML auth for Google, but it is not working. The SAML test is working successfully, but when we try to log in, it gives us this error:

You're not authorized to access this page. Please contact the administrator.

Reason: The response was received at http://sonar.domain.com/oauth2/callback/saml instead of https://sonar.ops.connatix.com/oauth2/callback/saml

Do you know why we are receiving this?

Thank you,
-Ionut

Hey there.

It appears the difference is in http and https in the URL where SonarQube thinks the SAML message is being received. This is usually solved by setting the X-Forwarded-Proto to https in whatever is proxying your SonarQube server over HTTPS.

Hello @Colin,

We already have that implemented in our HAProxy. Seems like a buggy response from SonarQube.

Do you know if it can be something else?

Thanks,
-Ionut

It’s pretty reliably X-Forwarded-Proto. Do you see the header making its way through if you use your browser’s dev tools?

Yes, I can see it.

It is very strange, because when testing, SAML is working, and when I log in with SAML, it is not working.

This issue has been solved by adding the annotation at the ingress level:

    haproxy.org/backend-config-snippet:
      http-request set-header X-Forwarded-Proto https

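The scheme mismatch discussed in this thread, as an added example (not part of the original posts, and not SonarQube's or HAProxy's code): a simplified Python model of a backend behind a TLS-terminating proxy that rebuilds its request URL from `Host` and `X-Forwarded-Proto` and compares it with the expected SAML callback URL. The host name `sonar.example.com` and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed placeholder values, not the poster's real host.
EXPECTED_ACS = "https://sonar.example.com/oauth2/callback/saml"
PATH = "/oauth2/callback/saml"

def proxy_set_header(client_headers, name, value):
    """Model HAProxy 'http-request set-header': any copy of the header
    sent by the client is removed, then a single value is set."""
    kept = [(k, v) for k, v in client_headers if k.lower() != name.lower()]
    return kept + [(name, value)]

def received_url(headers, path, socket_scheme="http"):
    """URL the backend believes it was reached on. TLS ends at the proxy,
    so the backend socket is plain HTTP; only X-Forwarded-Proto can tell
    the application that the browser actually used https."""
    h = {k.lower(): v for k, v in headers}
    proto = h.get("x-forwarded-proto", socket_scheme)
    scheme = proto.split(",")[0].strip().lower()
    return f"{scheme}://{h['host']}{path}"

def check_destination(headers, path, expected=EXPECTED_ACS):
    """Return None when scheme, host and path match the expected callback
    URL, otherwise a message shaped like the error quoted in the thread."""
    got = received_url(headers, path)
    if urlsplit(got)[:3] == urlsplit(expected)[:3]:
        return None
    return f"The response was received at {got} instead of {expected}"

# Constructed requests as the backend would see them.
no_header = [("Host", "sonar.example.com")]
client_sent = no_header + [("X-Forwarded-Proto", "http")]
with_header = proxy_set_header(client_sent, "X-Forwarded-Proto", "https")

if __name__ == "__main__":
    print(check_destination(no_header, PATH))    # mismatch message
    print(check_destination(with_header, PATH))  # None
```

Because `set-header` replaces whatever the client sent, the scheme the backend trusts is decided by the proxy and not by the browser request.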