Okta tile for sonarqube lands on permission denied page

Sonarqube Enterprise Edition Version 9.6.1 (build 59531)

Issue details:
Login via Okta Dashboard, sonarqube tile:
when we click the sonarqube tile in Okta to login and start using the application it gives the following:

Okta tile gives unauthorised access: “You’re not authorised to access this page. Please contact the administrator.”

we tried recording what’s the URL it’s using, found that
it starts with
SAML login url (?fromHome=true)<— URL from Okta tile
https://$host/oauth2/callback/saml <— SAML redirect
https://$host/sessions/unauthorized <— it stops here

Login via sonarqube default landing page:
whereas if we instead of going through Okta, visit sonarqube application URL directly it asks us to Login and
when we click the button “Log in with Okta” it works seamlessly.

we tried recording what’s the URL it’s using, found that
it starts with
SAML login url ( ?SAMLRequest=&RelayState=)<— URL from Sonar default page login

image

question is we have checked the following and our configuration is fine

but why does it behave differently when we click through OKTA tile or Sonarqube’s login with Okta button?

Hey there.

Starting in SonarQube v9.7 there is the possibility of testing SAML configuration right in the UI.

Since SonarQube v9.6 is EOL (and has been since 9.7 was released), I suggest upgrading to SonarQube v9.9 LTS and testing your configuration in the admin console.

Hi @Romeo_Gupta,

As I understand, you are trying to initiate the SSO from Okta, and it leads to the SSO failure. As per the SonarQube documentation, the SonarQube SAML ​does not support IdP-initiated SSO, and hence ​you are getting an “unauthorized access” error message.

I would like to suggest giving a try to miniOrange SAML plugin. As it supports IDP-initiated SSO, it will help you to achieve your requirement.

Feel free to reach out to us at miniOrange Helpdesk OR drop an email at info@xecurify.com for further assistance.

Thanks,
Himanshu