SAML settings are working good on developer version 8.2 and after upgrade to 8.4 resulting the following error:
You’re not authorized to access this page. Please contact the administrator.
Note - SAML settings was working from version 7.8 to 8.2, I don’t think so any settings issue
Also can’t revert back to version 8.2, SonarQube stopped working, log as below:
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
2020.07.30 19:53:34 INFO app[o.e.p.PluginsService] no modules loaded
2020.07.30 19:53:34 INFO app[o.e.p.PluginsService] loaded plugin [org.elasticsearch.transport.Netty4Plugin]
2020.07.30 19:53:51 INFO app[o.s.a.SchedulerImpl] Process[es] is up
2020.07.30 19:53:51 INFO app[o.s.a.ProcessLauncherImpl] Launch process[[key=‘web’, ipcIndex=2, logFilenamePrefix=web]] from [/opt/sonarqube/sonarqube-8.2.0.32929]: /usr/lib/jvm/java-11-openjdk-11.0.7.10-4.amzn2.0.1.x86_64/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/opt/sonarqube/sonarqube-8.2.0.32929/temp --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED -Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -Dhttp.nonProxyHosts=localhost|127.|[::1] -cp ./lib/common/:/opt/sonarqube/sonarqube-8.2.0.32929/lib/jdbc/postgresql/postgresql-42.2.8.jar org.sonar.server.app.WebServer /opt/sonarqube/sonarqube-8.2.0.32929/temp/sq-process4649800968473646926properties
2020.07.30 19:54:00 INFO app[o.s.a.SchedulerImpl] Process[web] is stopped
2020.07.30 19:54:00 WARN app[o.s.a.p.AbstractManagedProcess] Process exited with exit value [es]: 143
2020.07.30 19:54:00 INFO app[o.s.a.SchedulerImpl] Process[es] is stopped
2020.07.30 19:54:00 INFO app[o.s.a.SchedulerImpl] SonarQube is stopped
← Wrapper Stopped
Additionnal SAML checks
SAML authentication adds additional checks for validating SAML responses from the identity provider. This could reveal a non-standard configuration that needs to be updated. Information will appear in the logs upon a failed login attempt in the event that the configuration needs to be tweaked.
Here is the error from web logs, what is that meaning & how to fix these errors. My setup is not using any ALB, I am just redirecting http traffic https for SAML.
Any fix for this issue, not configured ELB. SonarQube hosted on AWS linux instances and using apache2 redirecting the traffic to https by using the below config (this was working from SonarQube developer edition 7.8 to 8.2):
<VirtualHost *:80>
ServerName
RewriteEngine on
Redirect / https://
<VirtualHost *:443>
ServerName
SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/httpd/ssl/server.crt
SSLCertificateKeyFile /etc/httpd/ssl/server.key
For those struggling with this issue, our solution was to change the recipient and destination URLs on the IDP side to match the non HTTPS URL, the post is still sent to the HTTPS endpoint so the traffic is secure but inside the actual SAML assertion the intended target is the HTTP/Port 9000 URL. For those using Okta:
