Cannot configure SSO for Azure AD

I’m trying to configure SAML authentication with Azure AD.
But I’m stuck at the configuration on Sonarqube.

I cannot click Enable at the bottom of the page because it says that the field Identity Provider Certificate doesn’t contain anything - which it does.
I have pasted the certificate into that field.
I have also made sure that there is no spaces and tried numerous things to get the form to understand that it does contain a certificate.

I have also tried three different browsers.
I’m following this guide: How to setup Azure AD

Any idea what could be wrong?

Hi,

Welcome to the community!

Any errors in your browser console? Also, what version of SonarQube are you using?

 
Ann

We’re using sonarqube:9.7.1-developer.

No errors in the browser.
If the form is empty all required fields are listed when I have the mouse pointer over the Enable toggle, but one after another disappear when I add something the respective fields except for the field for the certificate.
It doesn’t seem to matter what I put in that field. It just behaves as if it’s empty.

Hi,

Could you provide a screen shot with the good stuff blured out? Also, did you check your browser console for errors?

 
Ann

My mistake, this one was the community edition.

Here is the screen shot, including some errors in the console:

Hi,

Thanks for the screenshot. I’ve flagged this for developer attention.

 
Ann

1 Like

Hi,

What happens if you ‘Save configuration’? Can you test then?

 
Ann

No difference unfortunately

1 Like

Hi, any news about this?

Hello @squser1,

Are you able to save the configuration, or also the save operation fails?
If you save the configurations, leave the admin panel and open it again, are all the fields shown with a value?

When I first try to save the configuration, I get “The request cannot be processed. Try again later.”
Then I just add some character in one of the optional fields and try to save again and it works. When it’s saved I can remove the character in the optional field and save again.

But when I leave the admin panel and open it again all fields are emptied except for the “Application ID” and “Provider Name”.

From this description, it really feels like the save operation is never being completed.
Is the green check happearing close to the Save configuration button?

This is the signal that the configuration has been saved properly.
It seems that the next attempts are just not throwing the error message, but they are still not completing properly.

It would be interesting to see the server logs when the Save Configuration button gets pressed.
From your network analyzer I can see a lot of timeout errors with 504 status code.
Are you able to see there the result of the set API call? That is the one done when saving the properties.

I get the green check when the save “succeed”

This is what I see in the log when I click save (not sure if this is what you’re asking for):

On Chrome it looks like this:

The call to the api/settings/set is the one for saving the value, while the call to api/settings/values is the one for retrieving the value just saved.

If everything is fine the api/settings/set call should have a status 204, while the call to api/settings/values should return a 200 status.

In this example I modified the mapping for the email field, the set call was used for storing it, and the next one for retrieving it from the database.

I think I found the problem.
We’re using an Azure Application Gateway in front of the SonarQube.
I found out that if I accessed SonarQube on the IP address and bypassed the AGW it worked, so when I looked at the logs at the AGW I found a few rules in the WAF that blocked this.
Once we took care of that it worked fine.

Case closed…

2 Likes

Thanks for letting us know @squser1, this is totally consistent with the API calls that were timing out with those 504 Errors in your screenshot.

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.