Hello Riza,
The Cookie ‘OAUTHSTATE’ is missing error usually means either:
- Authentication is being initiated from the IDP (Identity Provider) rather than SonarQube (the SP, or Service Provider) itself.
- Are you actually initiating login directly from SonarQube? Usually something in between is affecting the existence of a cookie called OAUTHSTATE.
Here are some details on how it should work:
- Before redirecting to the SAML provider, SonarQube will create a token.
- From this token:
  - it will set a cookie named OAUTHSTATE whose value corresponds to a sha256 hash of this token (this on the SonarQube domain).
  - it will redirect (think HTTP 302) to the SAML provider with a request parameter named RelayState providing this token value.
- When the authentication is done, the SAML provider will also redirect with this RelayState parameter and the same value.
- SonarQube will check that the sha256 hashed value of RelayState matches the cookie value of OAUTHSTATE set up before.
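
The check described above, as an added Python example that is not part of the original post and is not SonarQube's own code. It shows why an IdP-initiated login, or a proxy that drops the cookie, fails before the hash comparison is ever reached. The function names, the status strings, the hex encoding of the hash, the token format and the `idp.example` URL are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple
from urllib.parse import urlencode

COOKIE_NAME = "OAUTHSTATE"  # cookie name taken from the post


def begin_login(idp_url: str) -> Tuple[Dict[str, str], str]:
    """SP-initiated start: return (cookies to set on the SP domain, redirect URL)."""
    token = secrets.token_urlsafe(32)  # assumption: the real token format may differ
    # The cookie carries only the hash; the raw token travels as RelayState.
    cookie_value = hashlib.sha256(token.encode()).hexdigest()  # hex is an assumption
    redirect = idp_url + "?" + urlencode({"RelayState": token})
    return {COOKIE_NAME: cookie_value}, redirect


def check_callback(cookies: Dict[str, str], relay_state: Optional[str]) -> str:
    """Validate the redirect coming back from the SAML provider."""
    expected = cookies.get(COOKIE_NAME)
    if expected is None:
        # IdP-initiated login, or something in between stripped the cookie.
        return "cookie_missing"
    if not relay_state:
        return "relay_state_missing"
    actual = hashlib.sha256(relay_state.encode()).hexdigest()
    # Constant-time comparison of the two hex digests.
    if not hmac.compare_digest(actual, expected):
        return "mismatch"
    return "ok"


if __name__ == "__main__":
    # Constructed walk-through: hypothetical IdP endpoint, no network access.
    cookies, url = begin_login("https://idp.example/sso")
    token = url.split("RelayState=", 1)[1]  # the IdP echoes this value back
    print("SP-initiated:     ", check_callback(cookies, token))
    print("IdP-initiated:    ", check_callback({}, token))
    print("altered state:    ", check_callback(cookies, token + "x"))
```
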