SonarQube adds a “/” to the URL where SAML request is posted. That is, if the SAML login URL is set to https:://idp.com/idp/SSO.saml2 the SonarQube issuea a GET request to
https:://idp.com/idp/SSO.saml2/?SAMLRequest=<…>
i.e., inserts a “/” before the URL query.
This is an invalid URL and PingFederate is rightly generates HTTP 404 when it gets it.