Difficulty setting SAML x509 certificate through Web API

Hello all,
I’m using SonarQube 9.2.4 deployed on a Kubernetes stack using the sonarqube helm chart. I am scripting a configuration for my deployment and have been trying to get SAML authentication configured using the WebAPI to tie into a Keycloak instance for authentication. I have gotten that working properly when configured through the normal administration pages and have gotten all settings to work properly except for the x509 certificate for the IDP.
In particular, I am trying to set sonar.auth.saml.certificate.secured with the x509 certificate. I have tried setting the value directly, just with sonar.auth.saml.certificate (in the hopes that there was a back end process that performed encryption), URL encoding/not, etc. I could not find any instructions in the Web API documentation for working with ‘secured’ properties and haven’t been able to find any references in the community forums yet. Any suggestions?

Thanks,

- Ben DeVore

Hi Ben,

Welcome to the community!

You’re not finding those Web API docs because those calls are all marked internal. That means that if you choose to use them, it’s at your own risk because they’re subject to change without notice. And that’s also why you’re not finding any documentation on this. We just haven’t put any thought / effort into making this available outside the UI.

 
HTH,
Ann


@ganncamp What will be the curl command to post the cert?

I’m using the below one, but it looks like the value is not pulling the right information from the file:
curl -X POST -i 'https://sonarqube/api/settings/set' --data 'key=sonar.auth.saml.certificate.secured&value=@/tmp/saml.cert' -vvv

I would appreciate your help on this…!!

Thanks,
Sowmya
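
An added example, not part of the original posts and not SonarQube's own tooling: with curl, `@file` inside `--data` is only expanded when the whole argument starts with `@`, so `value=@/tmp/saml.cert` is sent as a literal string, whereas `--data-urlencode 'value@file'` reads the file and percent-encodes its content. The endpoint and key are the ones from the command above; the function name and the `SONAR_URL` and `SONAR_TOKEN` variables are assumptions, and the token-as-username form is SonarQube's usual token authentication.

```shell
#!/bin/sh
# Added example. SONAR_URL, SONAR_TOKEN and set_saml_certificate are
# illustrative names, not taken from the thread.

set_saml_certificate() {
    cert_file=$1

    # Refuse to send an empty or unreadable value: the API call would
    # otherwise overwrite the stored certificate with nothing useful.
    if [ ! -r "$cert_file" ] || [ ! -s "$cert_file" ]; then
        echo "certificate file missing, unreadable or empty: $cert_file" >&2
        return 2
    fi
    if [ -z "${SONAR_URL:-}" ] || [ -z "${SONAR_TOKEN:-}" ]; then
        echo "SONAR_URL and SONAR_TOKEN must be set" >&2
        return 2
    fi

    # The token is handed to curl as a config line on stdin (-K -), so it
    # never shows up in the process argument list or shell history.
    # (Assumes the token contains no double quote or backslash.)
    #
    # --data-urlencode 'name@file' loads the file, newlines included, and
    # percent-encodes it, so the '+', '/' and '=' characters of the
    # base64 body are not altered by form decoding on the server.
    # Sending data already implies POST, so -X POST is not needed.
    printf 'user = "%s:"\n' "$SONAR_TOKEN" |
        curl -K - --fail --silent --show-error \
            "$SONAR_URL/api/settings/set" \
            --data-urlencode 'key=sonar.auth.saml.certificate.secured' \
            --data-urlencode "value@$cert_file"
}
```

Call it as `SONAR_URL=https://sonarqube SONAR_TOKEN=... set_saml_certificate /tmp/saml.cert`; `--fail` makes a 4xx/5xx response return a non-zero exit status so a deployment script stops instead of continuing with an unset certificate.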

@ganncamp Thanks for the information… understanding that it isn’t supported/documented and could break in the future, what is the proper procedure to set that? Turning on ‘internal’ options in the WebAPI documentation I see api/settings/encrypt, is that the right method call to use to create that? Would I create the encrypted value then set that as the ‘secured’ portion of the setting?

Thanks,

- Ben

Hi Ben,

Actually, it’s worth pointing out that once you’ve set the certificate, it will be stored in the DB. So this shouldn’t be something you need to set in deployment configuration.

 
Ann
