Community Edition Version 9.7.1
Azure SSO for SonarQube using SAML
Hey thanks for reading in!
I am having issues when configuring the SonarQube SAML Authentication with the Azure IDP.
After configuring the Azure Enterprise Application and SonarQube with the below settings, the SonarQube SAML login page loops and does NOT authenticate users into the application.
I have the users explicitly assigned to the application in the Enterprise Application and the user accounts are NOT created in SonarQube.
I have been spinning my wheels here and I could use any assistance here. Let me know your thoughts!
Identifier (Entity ID) → Application ID
Certificate (Base64) → Identity provider certificate
(G Ann Campbell)
January 26, 2023, 6:46pm
What happens when you click the ‘Test configuration’ button?
When clicking Test Configuration, the page is redirected to the error page " The page you were looking for does not exist.". See screenshot
The user account does not redirect to the SAML login page and keeps the current account logged in.
I just had this very same issue. If you are doing SSL via IIS, take a look at this post. There are more steps needed in the reverse proxy setup not in the documentation.
We just recently stood up SonarQube Developer Edition Version 9.8. We are trying to set up SAML SSO to Azure AD but are running into issues. Here is what we have configured so far:
Reverse Proxy set up in IIS as described
SAML SSO configured to Azure AD as described here.
Server Base URL configured to: https://sonarqube.DOMAIN.com
When we click the Test Configuration button, we get the following error:
I’ve turned on DEBUG logging for the web.log and captured the SAML…
Yes, I have validated that we have Application Request Routing in place with the below setting configured. We also have the URL Rewrites in place as well.
After testing the configuration with setting, we are redirected to our SAML login page, but now there is a rewrite issue with the localhost. We has also changed the redirects to point to back our
sonarqube.DOMAIN.com as the reason stated, but with this change the application begins to loop again.
(G Ann Campbell)
February 1, 2023, 1:16pm
Have you configured your Server base URL?
To confirm, you did these steps
in addition to the ones listed in the documentation?
Colin is the MVP here, thankyou so much Colin!
So in summary, I needed to perform 5 actions as follows:
1 - In IIS settings, under Application Request Routing > Proxy settings, uncheck the box “Reverse rewrite in response headers”
2 - In IIS settings, under URL Rewrite > View Server Variables, add HTTP_X_FORWARDED_PROTO as an allowed server variable.
3 - In IIS settings, under URL Rewrite > Edit inbound rule, add HTTP_X_FORWARDED_PROTO for https (I did this in addition to X_FORWARDED_PROTO). …
Yes the Server base URL is configured both in Azure AD Enterprise Applications, as well as in SonarQube → Administration → SAML → Application ID. Should Server base URL be configured anywhere else?
We are now being taken to the Microsoft login page, but after authentication we are facing the issue mentioned below.
Have you set the Server Base URL in Administration → General → Server base URL? After updating, cycle the SonarQube service.
Yes, the Server Base URL has been set for the application. The Server Base URL was set prior to any SSO configurations.
The error seems to indicate something is not correct in your reverse proxy setup. Can you compare that your web.config found in the IIS physical path (inetpub according the docs) looks like this?
After looking at the web.config file, everything looks the same.