Authentication error using SAML with Keycloak

Hi,
I am using SonarQube version 9.9.7-community, deployed with Docker.
I am trying to connect SAML with Keycloak using the documentation of Sonar:

After configuring all the steps in Sonar, I try to test and I get these errors in the logs:
[o.s.s.a.AuthenticationError] CSRF state value is invalid
ERROR web[c.o.saml2.Auth] Invalid settings: idp_cert_or_fingerprint_not_found_and_required
ERROR web[c.o.s.s.Saml2Settings] idp_cert_or_fingerprint_not_found_and_required

I use just the Identity provider certificate from Keycloak inside SonarQube; I do not use the Service provider private key and Service provider certificate, which look optional.
But I always get this error.

Does anyone have any idea what that could be?

Thank you for your time.

Hey there.

What format are you providing the IDP certificate? This user found they needed to not include the BEGIN CERTIFICATE and END CERTIFICATE lines.

Hey Colin,
I tried with BEGIN CERTIFICATE… and without BEGIN CERTIFICATE… both ways. But no luck.

Thanks @devbr. I’m passing this on for some expert eyes, also because I don’t have time to dig into it further before I leave on holiday.

Thank you Colin, I would appreciate it if someone could help me with this.

Hi @devbr :vulcan_salute:

Sorry for the late response.

This error usually shows up when the Sign requests toggle is enabled without the Service provider private key and the Service provider certificate. So when Sign requests is disabled, those fields are optional.

Is Sign requests enabled for you?

When you say that you “test,” do you mean you try to log in, or do you use the test configuration button? If it’s the second case, would you have any additional logs?

Moreover, would you be able to provide your SAML configuration privately? (I just sent you a private message.)

Cheers

Hello,
Thank you for the response. Sign requests is disabled; I sent you the configs privately.