Error to authenticate sonarqube with SAML

Hi

Using SonarQube 9.7
I ran my sonarqube on AWS EKS under ingress controller (reverse proxy) traefik v2.x
and NLB (AWS Network load balancer) the ssl off load is done on the LB.

The application works fine but after integrating with OKTA (SAML) I am getting an error to authenticate with users:

You’re not authorized to access this page. Please contact the administrator.

Reason: The response was received at http://sonarqube.mydomain.com/oauth2/callback/saml instead of https://sonarqube.mydomain.com/oauth2/callback/saml

I didn’t find any solution on how to resolve it , I guess it is related to the LB and reverse proxy.

any idea how to solve it ?

Hey there.

It appears the difference is in http and https in the URL where SonarQube thinks the SAML message is being received. This is usually solved by setting the X-Forwarded-Proto to https in whatever is proxying your SonarQube server over HTTPS.

I do have X-Forwarded-Proto to https but still fails with the same error message. Any hints ?