AWS SSO and Sonarqube HTTPS

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
    I have the latest version lts(8.9.7.52159)

  • what are you trying to achieve
    I am trying configure SSO with HTTPS

  • what have you tried so far to achieve this:
    My enviroment use docker images for sonarqube, I have a docker compose for deploy this enviroment.
    I used NLB service on AWS as my load balance the listener is 443(https), my backend this load
    balance is instance have a sonarqube on port 9000 that is running a docker service.

I configured SSO however appears this message:

Only for test I recreated all environment just using load balance with listener with http and SAML authentication works fine:

I read on documentation that use HTTPS on Sonarqube it is necessary:

X_FORWARDED_PROTO: https in each HTTP request header. Without this property, redirection initiated by the SonarQube server will fall back on HTTP.

How to configure it on docker images or java web server that exposted sonarqube on port 9000, because my NLB is layer 4 I dont’t get pass header this load balance …

Thank you
Best Regards

Hi,

You need to set that header (X_FORWARDED_PROTO) in your AWS loadbalancer that terminates the HTTPS-connection.

Regards,
//Samuel

HI @saas2813, thank you for response …

Do you have a example this configuration about X_FORWARDED_PROTO on AWS?
I search, but I don’t found …

Thank you
Best Regards,

Sorry, can’t help you there. I did that configuration on NGINX.
Right now I’m chasing a related problem with singlesignon.

Hello @saas2813 I changed my NLB for ALB on it working fine, maybe I could help you with your SSO problem.What your ldp service?

Thank you
Best Regards

Hi, Thank you, I’m not sure I should Hijack your thread for this but it’s a little similar…
I have SonarQube OnPrem locked in with only https/443 allowed through the firewall.
Internal auth works after I added the header you had problems with. Now we added SAML auth and get the same problem with the redirect for that going to http. The only thing I have managed to find till now is that it might be related to the embedded Catalina and “add a redirect in the proxy”, but my proxy is on the same machine inside the firewall.

Please open a new ticket with sonnar community for discuss your problem …

Before I change my load balance, I tested NGINX reverse proxy, I set the header that your mentioned …
My problem was that nginx with listener 443 need a certificate and my case my certificate was AWS Load Balance, but the configuration works with SAML, but after SAML works my AWS SSO throw a page sonarqube with http, when I changed on browse for https works fine SAML Authentication, take a look this parameter(sonar.core.serverBaseURL) on your sonarqube, this parameter should be configured with you HTTPS URL, by default is localhost and HTTP, could be it you problem …
please find me on linkedin I will help you …

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.