Bad SAML request URL

aaron.stromas · October 4, 2018, 7:45pm

SonarQube adds a “/” to the URL where SAML request is posted. That is, if the SAML login URL is set to https:://idp.com/idp/SSO.saml2 the SonarQube issuea a GET request to

https:://idp.com/idp/SSO.saml2/?SAMLRequest=<…>

i.e., inserts a “/” before the URL query.
This is an invalid URL and PingFederate is rightly generates HTTP 404 when it gets it.

julienlancelot · October 5, 2018, 7:47am

Hi Aaron,

Indeed, we’re aware of this bug, which will be fixed in version 1.1 : https://jira.sonarsource.com/browse/SQAUTHSAML-9

For the moment, no ETA about the availability of this version, but we’ll keep you up to date when we’l know more about it.

Regards,
Julien Lancelot