Error sso - entra id

  • ALM used (Azure DevOps)
  • CI system used (Azure DevOps)
  • Error observed ("Hey! Sorry, but we couldn’t verify your authorization to access this page. [Home]")

  • Steps to reproduce
    SSO configuration completed successfully:
    {
    "user_id": "saml-c5bbf1d6-7ea2-4dce-a048-XXXXXXXXX|micuenta@midominio.xx",
    "name": "micuenta@midominio.xx",
    "given_name": "nombre",
    "family_name": "apellido",
    "sessionIndex": "_3889cdf1-76ed-4422-88bb-c3f305422800",
    "tenantid": "d1bf4087-52c2-42b9-913e-XXXXXXXXX",
    "objectidentifier": "2ee25cad-0ada-43fb-8e4c-XXXXXXXXXXXX",
    "displayname": "Mi cuenta",
    "identityprovider": "sts windows net d1bf4087-52c2-42b9-913e-XXXXXXXXX/",
    "authnmethodsreferences": [
    "schemas microsoft com ws 2008 06 identity authenticationmethod/password",
    "schemas microsoft com claims multipleauthn"
    ],
    "nameIdAttributes": {
    "value": "micuenta@midominio.xx",
    "Format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
    },
    "authenticationmethod": "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
    "issuer": "sts.windows.net-d1bf4087-52c2-42b9-913e-XXXXXXXXXX",
    "provider": "samlp",
    "connection": "saml-c5bbf1d6-7ea2-4dce-a048-XXXXXXXXXX"
    }
    Entra ID
    |Claim name|Type|Value|
    |---|---|---|
    |Required claim|||
    |Unique User Identifier (Name ID)|SAML|user.userprincipalname [nameid-format]|
    |Additional claims|||
    |schemas microsoft com ws 2008 06 identity/claims/groups|SAML|user.groups [ApplicationGroup]|
    |schemas xmlsoap org/ws/2005/05/identity/claims/emailaddress|SAML|user.mail|
    |schemas xmlsoap org/ws/2005/05/identity/claims/givenname|SAML|user.givenname|
    |schemas xmlsoap org/ws/2005/05/identity/claims/name|SAML|user.userprincipalname|
    |schemas xmlsoap org/ws/2005/05/identity/claims/surname|SAML|user.surname|

Any Help!

Hey there.

Was it working before and it stopped working? Is this your first time setting up SSO config?

First Time!

Thanks. And you receive the error when clicking “Test Configuration”, as documented here?

Or the test is successful and the error only appears when actually trying to login?

The error occurs when trying to log in. The test connection is successful. Here is our configuration from Entra ID

Thanks for the info. Frustrating that the connection is successful but the login itself fails! I’ve flagged this for the folks who can dig into the logs.

Hello @rromerop,

Do you see the following attributes when you test the connection in the self service page?

  • name
  • login
  • email
  • groups

This is required for the login to work.

Cheers,
Sarath!

We corrected the Entra ID configuration, and then received this

Our accounts don’t have an inbox.

@rromerop,

This is an added security measure on our side and is a one-time process to verify the email. Could you try to configure a mailbox for this email or use a different email on Entra that has access to a mailbox?

Sarath Nair, all this effort to get SSO authentication started on July 7th when you require this verification step. For security concerns, the accounts we use don’t have any mailbox. I hope you can deactivate this as you have done for our Azure DevOps access.

@rromerop,

Email verification for SSO users is something we have had for quite some time now. I will discuss with the team and see what the best options are here.