Enable SAML in version 9.9

We just upgraded to version 9.9 LTS, and we want to use SAML as our main authentication process.
We are using Azure AD cloud. When we tried to log in, it is giving me an error of “you’re not authorized to access this page”, but the test on the Azure side is successful (Microsoft Entra ID successfully issued a token (SAML response) to the application (service provider). If you still can’t access the application you need to contact the software vendor and share the information below.)

What am I missing? Please see attached configs for reference.



Hi,

When you click the ‘Test Configuration’ button in SonarQube, what happens?

 
Ann

I get the following message:
The page you were looking for does not exist.
You may have mistyped the address or the page may have moved.
[Go back to the homepage]

Hi,

Sorry, but I need to double check.

When you clicked this button

You got that 404 message?

 
Thx,
Ann

Yes, that is right: when I click “test configuration” it opens a new window and gives me the 404.

Hi,

Thanks for confirming. I’ll flag this for the team.

 
Ann

Hello,

Is the “Reply URL” you set in the Azure configuration correct? Especially if you have defined a “Server base URL” for your instance (sonar.core.serverBaseURL) or if you run behind a proxy.
This URL will be part of the oauth2 payload that you get back from Azure and will be used by your browser to continue the authentication process.

Yes, our reply URL is “https://sonarqube..com/oauth2/callback/saml”. Please note the test on the Azure side is successful. Please see some screenshots I attached in my previous messages.

Can you tell us what is the URL of the page that SonarQube tries to send you to when you click the “test configuration”? You can see it using the Network tab of your browser debugger and by checking “Preserve log”.

As a reference here is the diagram of the SAML process:


Your error could come from a few places, but the most frequent is step 6 when the reply URL does not resolve correctly from your browser.

sonarlog-TestConfiguration.txt (117.3 KB)

Hi Steve,
Not sure if this is what you need:
Referer: SonarQube

But I attached here the complete Fiddler log for the test config process; please rename it to “sonarlog-TestConfiguration.saz” to be able to open it in Fiddler. Sorry, I had to do it this way since I can’t catch it in the debugger view; it opens in another window when I hit test.

Additionally, I also attached here the log from when I log in using SAML on the login page; replace txt with saz too.
sonarlog-loginWithSaml.txt (197.8 KB)

Hello,

Sorry for the delay, I wasn’t available for the last two weeks.
I reviewed the logs you sent me, and it seems you have an issue at step 3.
After clicking on the Test configuration button, a redirection to your Identity Provider is returned to allow you to begin the authentication process.
This is what it looks like locally for me:
image
Note that the Location of the redirection is the URL I configured in the settings.

While analyzing the logs you provided, the content of the redirection query is:


which explains the behavior you are observing.
While I noted that this parameter looks correctly configured in the screenshot of your configuration that you showed at the beginning, I can’t really explain what is happening with the information I have. This configuration can also be controlled with the SonarQube property sonar.auth.saml.loginUrl.
I hope this can help you!

Update here, sorry it took me some time to reply.
The test in my SonarQube SAML authentication test

is successful; however, I get the following error when I log in:

You’re not authorized to access this page. Please contact the administrator.
Reason: The response was received at http://sonarqube.companyname.com:9000/oauth2/callback/saml instead of https://sonarqube.companyname.com/oauth2/callback/saml

And I tried IIS and SAML authentication.

When I apply these suggestions, the SAML authentication test is failing with a “not found” error.
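
The "Reason:" line in the last error compares the Destination inside the SAML response with the URL the service provider believes it was reached at. As an added example (not code from any poster or from SonarQube), this Python script pulls Destination out of a captured SAMLResponse form value and reports which URL parts differ; the sample response is constructed from the URLs quoted in the thread, and all function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SAMLP_RESPONSE = "{urn:oasis:names:tc:SAML:2.0:protocol}Response"
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample: a stripped-down SAML response holding only Destination,
# encoded the way the SAMLResponse form field appears in a capture.
SAMPLE_SAML_RESPONSE = base64.b64encode(
    b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'Destination="https://sonarqube.companyname.com/oauth2/callback/saml"/>'
).decode()

# URL from the "Reason:" line of the error quoted in the thread.
RECEIVED_AT = "http://sonarqube.companyname.com:9000/oauth2/callback/saml"


def destination_of(saml_response_b64):
    """Return the Destination attribute of a base64-encoded SAML Response."""
    # Diagnostic use on a response you captured yourself; parse untrusted
    # XML with a hardened parser (e.g. defusedxml) instead.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != SAMLP_RESPONSE:
        raise ValueError("root element is not a SAML 2.0 Response")
    return root.get("Destination")


def url_parts(url):
    """Split a URL into comparable parts, making the default port explicit."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return {
        "scheme": scheme,
        "host": (parts.hostname or "").lower(),
        "port": parts.port or DEFAULT_PORTS.get(scheme),
        "path": parts.path,
    }


def destination_mismatch(destination, received_at):
    """Return {part: (expected, seen)} for every URL part that differs."""
    want, got = url_parts(destination), url_parts(received_at)
    return {k: (want[k], got[k]) for k in want if want[k] != got[k]}


if __name__ == "__main__":
    for part, (want, got) in destination_mismatch(
            destination_of(SAMPLE_SAML_RESPONSE), RECEIVED_AT).items():
        print(f"{part}: IdP sent to {want!r}, SonarQube saw {got!r}")
```

For the URLs in this thread only the scheme and port differ, while host and path match, which points at how the public address is mapped to the backend (the proxy and sonar.core.serverBaseURL mentioned earlier) rather than at the Azure reply URL.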