Generate metadata for SonarQube SAML SSO

I am using SonarQube Enterprise with version 6.7.3.38370 and SAML plugin version 1.1.0 (build 181).
I am configuring SSO with ADFS.

Is there any way to generate SSO metadata?

What is the SonarQube SAML endpoint to be inserted in the Location of the AssertionConsumerService tag?

Currently I am using https://sonarqube/auth/realms/sonarqube/protocol/saml
but upon testing the ADFS service, it shows

The request specified an Assertion Consumer Service URL ‘https://sonarqube/oauth2/callback/saml’ that is not configured on the relying party ‘https://sonarqube’.

Assertion Consumer Service URL: https://sonarqube/oauth2/callback/saml

Relying party: https://sonarqube.com

How do I get SSO metadata so I can provide the metadata to the ADFS provider settings?


I am also looking for a solution to this. Did you get a solution yet?

I know this is a long time ago–but maybe this will help others:

```powershell
# URL of the AD FS federation metadata document
$adfsUri = "https://<your_ADFS_endpoint>/FederationMetadata/2007-06/FederationMetadata.xml"

# Download the metadata and parse it as XML
$federationMetadata = Invoke-WebRequest -Uri $adfsUri
$metadata = $federationMetadata.Content
[xml]$SPMetadata = $metadata

# Location of the AssertionConsumerService that uses the HTTP-POST binding
$SPAssertionConsumerServiceURL = $SPMetadata.EntityDescriptor.SPSSODescriptor.AssertionConsumerService |
    ? { $_.Binding -eq "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" } |
    % { $_.Location }

# Entity ID from the metadata
$SPIssuerURI = $SPMetadata.EntityDescriptor.entityID

# Last KeyDescriptor marked use="signing", as a base64 X.509 certificate
$SPSignatureCertificate = $SPMetadata.EntityDescriptor.SPSSODescriptor.KeyDescriptor |
    ? { $_.use -eq "signing" } |
    Select-Object -Last 1 |
    % { $_.KeyInfo.X509Data.X509Certificate }

Write-Host "SP Issuer URI: $SPIssuerURI"
Write-Host "SP Assertion Consumer Service URL: $SPAssertionConsumerServiceURL"
Write-Host "SP Signature Certificate:"
Write-Host $SPSignatureCertificate

# Copy the certificate to the clipboard for pasting into SonarQube
Set-Clipboard -Value $SPSignatureCertificate
```

This will provide you some elements that can be directly cut-n-pasted into the entries within SonarQube.

Hi all,

Did anyone find a solution to generate the metadata file? If yes, please share it. Thanks

Regards,
Khopi

The metadata file is usually generated on demand by your Identity Provider (IdP) and shared with the Service Provider (SP) [SonarQube]. The IdP metadata XML file would contain the IdP certificate, the entity ID, the redirect URL, and the logout URL. For Active Directory Federated Services (AD FS), for example, the script above shows the typical path if you had that provider available within your environment.
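
The AD FS error quoted in the question names the Assertion Consumer Service URL that SonarQube actually sends (`https://sonarqube/oauth2/callback/saml`) and the relying party identifier (`https://sonarqube`). As an added example, not code from any poster or from SonarQube, the script below builds a minimal SAML 2.0 service-provider metadata file by hand from those two values and checks that the ACS location in the file matches exactly; the host name `sonarqube` is the placeholder from the question and the output file name is an assumption.

```powershell
# Added example: hand-built minimal SAML 2.0 SP metadata for SonarQube.
# Both values come from the AD FS error quoted in the question; replace the
# placeholder host "sonarqube" with your real SonarQube base URL.
$entityId = 'https://sonarqube'                         # relying party identifier (SP entity ID)
$acsUrl   = 'https://sonarqube/oauth2/callback/saml'    # ACS URL SonarQube sent in the request
$outFile  = Join-Path $PWD 'sonarqube-sp-metadata.xml'  # hypothetical output path

$mdNs = 'urn:oasis:names:tc:SAML:2.0:metadata'
$doc  = New-Object System.Xml.XmlDocument
[void]$doc.AppendChild($doc.CreateXmlDeclaration('1.0', 'UTF-8', $null))

# <EntityDescriptor entityID="...">
$entity = $doc.CreateElement('EntityDescriptor', $mdNs)
$entity.SetAttribute('entityID', $entityId)
[void]$doc.AppendChild($entity)

# <SPSSODescriptor protocolSupportEnumeration="...">
$sp = $doc.CreateElement('SPSSODescriptor', $mdNs)
$sp.SetAttribute('protocolSupportEnumeration', 'urn:oasis:names:tc:SAML:2.0:protocol')
[void]$entity.AppendChild($sp)

# <AssertionConsumerService Binding="...HTTP-POST" Location="..." index="0"/>
$acs = $doc.CreateElement('AssertionConsumerService', $mdNs)
$acs.SetAttribute('Binding', 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST')
$acs.SetAttribute('Location', $acsUrl)
$acs.SetAttribute('index', '0')
$acs.SetAttribute('isDefault', 'true')
[void]$sp.AppendChild($acs)

$doc.Save($outFile)

# Re-read the file and confirm the ACS location is exactly what SonarQube
# sends (case-sensitive); a difference in scheme, host or path is what
# produces the "not configured on the relying party" error.
[xml]$check = Get-Content -Path $outFile -Raw
$found = $check.EntityDescriptor.SPSSODescriptor.AssertionConsumerService.Location
if ($found -cne $acsUrl) { throw "ACS mismatch: '$found' vs '$acsUrl'" }
Write-Host "Wrote $outFile (entityID=$entityId, ACS=$found)"
```

The resulting file can be given to AD FS when creating the relying party trust, using the wizard's option to import data about the relying party from a file.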