Error "Not Authorized" when using IIS Reverse proxy and SAML

  • Sonarqube version 9.9
  • Deployed using a zip file
  • Running on Windows Server 2016 Datacenter
  • Using IIS as the Reverse Proxy

We are currently attempting to integrate our Sonarqube and F5 SAML. Our Sonarqube deployment is running on Windows Server 2016 with IIS doing the Reverse proxy to port 443. We followed the IIS configuration in the Operating the server documentation. When enabling SAML we are getting the following error message

You’re not authorized to access this page. Please contact the administrator.

Reason: The response was received at instead of

I found the following article which shows the same error message SonarQube Users: Let's talk about IIS and SAML Authentication! however after following the steps we still get the same error.

One thing I noticed between the two articles is the header forwarder. In the “Operating the server” article it has you set it as " X_FORWARDED_PROTO" and in the “sonarqube-users-lets-talk-about-iis-and-saml-authentication” it has you set the header with “HTTP_X_FORWARDED_PROTO”. I attempted to make the change however I get a 500-page error when doing so. Is having the “HTTP” required to make SAML redirect correctly? If so can someone help identify why I am getting a 500 error when adding it in?


Welcome to the community!

The documentation you reference is a bit generic, while the guide you’ve pointed to was crafted to guide you through precisely this situation. I would go with the guide.

As mentioned in that guide, the error you quote above is probably caused by the fact that:

your Identity Provider must be aware it should redirect to an HTTPS URL rather than HTTP