I have recently upgraded to v8.1 from v7.9.1. I have read all the information on how to set up SSO using SAML in the documentation (https://docs.sonarqube.org/latest/instance-administration/delegated-auth/) and this is not helping me, I am afraid. I have gone into the Security section of the Administration tab in SonarQube and have filled out all of the fields except the Certificate field. I was sent a Certificate from our Auth team and I have no idea how to enter this into the field. I have disabled our LDAP integration from within sonar.properties. I understand that SSO is now built into the product. So I have enabled the SAML configuration and entered in the relevant fields that were provided to me by our Identity Provider. I was given a CER certificate file and I understand that I need to provide this for the SAML button to show up at login.
Any thoughts on how I do that? Sorry for the basic questions, but I am not a SAML expert and the instructions are not exactly clear for our scenario. We do not have “KeyCloak” here to follow this example.
Which tool are you using to do SAML authentication?
As it seems you’re not using KeyCloak, telling us which tool you’re using should help us to understand your issue.
Thanks so much for responding back. We are currently using SecureAuth as our IDP system. So since I posted the last question, I have since been able to make progress. I did in the end apply the certificate I was given and this solved my initial logging in problem. I am now able to log in. However I now face a separate problem… logging out …
The problem that we are having is that we use a “Logout URL” configuration for determining when a user has logged out of SonarQube and then releasing the session cookie after a set amount of time. So the question becomes, is there a configuration option for the Logout URL and if so, where is it? If not, is there a way that SonarQube then sets the session timeout value for SonarQube?
Hope this makes sense.
It’s good news that you’ve been able to fix your issue.
I’ve also updated the title in order to specify that your issue was with SecureAuth.
The “Logout URL” is not taken into account in SonarQube. It’s not possible to disconnect a user from SonarQube when the user is disconnected from your external authentication system.
What you could do is update “sonar.web.sessionTimeoutInMinutes” in sonar.properties to set a lower value. The default is 4320 minutes (3 days).
I will let the SAML team know the timeout option and see how they would like to proceed.
Thanks for the update.
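
An added example, not part of the thread and not SonarQube's own code: because the IdP logout is not propagated, this check reads the effective `sonar.web.sessionTimeoutInMinutes` from `sonar.properties` and flags a SonarQube session that outlives the IdP session. The sample file content and the `idp_session_minutes` parameter are assumptions.

```python
import re

PROP = "sonar.web.sessionTimeoutInMinutes"
DEFAULT_MINUTES = 4320  # default stated in the thread (3 days)

# Constructed sample sonar.properties content, not taken from a real instance.
SAMPLE = """\
# WEB SERVER
#sonar.web.sessionTimeoutInMinutes=4320
sonar.web.port = 9000
sonar.web.sessionTimeoutInMinutes = 60
"""

def effective_timeout(text):
    """Return (minutes, explicitly_set) for the session timeout property."""
    value = None
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks and comment lines ('#' or '!' in .properties files).
        if not line or line[0] in "#!":
            continue
        # key, then '=', ':' or whitespace as separator, then the value.
        m = re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)", line)
        if m and m.group(1) == PROP:
            value = m.group(2).strip()  # the last assignment wins
    if value is None:
        return DEFAULT_MINUTES, False
    return int(value), True  # a non-numeric value raises ValueError

def review(text, idp_session_minutes):
    """Compare the SonarQube session lifetime with the IdP's (assumed input)."""
    minutes, explicit = effective_timeout(text)
    findings = []
    if not explicit:
        findings.append(f"{PROP} not set: default {DEFAULT_MINUTES} min applies")
    if minutes > idp_session_minutes:
        findings.append(
            f"SonarQube session ({minutes} min) outlives "
            f"IdP session ({idp_session_minutes} min)"
        )
    return minutes, findings

if __name__ == "__main__":
    print(review(SAMPLE, idp_session_minutes=480))
```
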