Azure SAML authentication errors

Hi,

I’ve recently stood up a whole new install of sonarqube Community Edition v9.9.6 (build 92038) on a linux server. On trying to integrate logins with azure and saml, I am running into this error in the web.log:

WARN web[21fce3e6-1890-42a3-b0f7-2d4e45c17473][o.s.s.a.AuthenticationError] Failed to retrieve IdentityProvider for key ‘samlsaml’
java.lang.IllegalArgumentException: Identity provider samlsaml does not exist or is not enabled

I do have an apache proxy set up, reading through the documentation during install. The baseURL has also been set up.

When attempting to login via saml, I enter my credentials and see:

You’re not authorized to access this page. Please contact the administrator.

When turning on developer tools accessing the site, I also see:
https://mysite.mydomain:port/oauth2/callback/saml/oauth2/callback/saml.

Any assistance would be appreciated.

I find it really strange that in two places, you have some duplication going on.

(should just be “saml”)

Should be https://mysite.mydomain:port/oauth2/callback/saml/

Are these really the values you’re seeing in your logs and browser? Or was there some copy/paste mixup?

Thanks for the response. Yes, that’s exactly how it’s appearing in logs. I’ve spent days trying to find the duplicate and have been unsuccessful so far.

Can you share how you have configured your apache proxy? It would not be unheard of for you to end up with duplicates in the URL, although that still doesn’t explain samlsaml.

Here you go, appreciate the help.
apache_proxy.txt (778 Bytes)

This has been resolved. Looks like the issue was on the azure side.

After making these changes in azure, saml logins are working.

removed an entry for the ‘sign on url’ containing https://host:port/
added an additional entityID entry for https://host:port/saml

I also checked the server baseURL, which is https://host:port/
