- which versions are you using: SonarQube Enterprise Edition 10.4.1
- how is SonarQube deployed: Helm
- what are you trying to achieve: OKTA SCIM Authentication to SonarQube
- what have you tried so far to achieve this: We did the initial OKTA SCIM integration and pre-onboarded around 1000 developers. Developers had access and were able to log in to SonarQube. Some of these (around 10 percent) lost their access after some time.
We already had some issues with the OKTA SCIM integration; after the upgrade to 10.4, the issues were fixed. But after some time OKTA started to report the following issue:
Automatic profile push of user <user-name> to app SonarQube - PROD failed: Error while trying to push profile update for <user-email>: Internal Server Error: Errors reported by remote server: Error while processing request
Some basic configuration on OKTA Side:
Single sign-on URL: https://mysonar.com/oauth2/callback/saml
Recipient URL: https://mysonar.com/oauth2/callback/saml
Destination URL: https://mysonar.com/oauth2/callback/saml
Some interesting findings:
- When I, as admin, generated a user token for a user, he had access via the API with no issues
- The user is displayed in SonarQube users with no issues
- Reprovisioning of users gives the same error
- Removing and adding the user to the Okta app fixes the issue, but I’m afraid the access will be lost again after a profile update
The user gets this error during login:
You're not authorized to access this page. Please contact the administrator.
Reason:
You have no account on SonarQube. Please make sure with your administrator that your account is provisioned.