We have now added NGINX, but we get a different error:
You’re not authorized to access this page. Please contact the administrator.
Reason: This account is already associated with another authentication method. Sign in using the current authentication method, or contact your administrator to transfer your account to a different authentication method.
The setup is as follows:
NLB (443) → NGINX (443) → Sonar (9000)
We are using nginx installed on the same EC2 instance as SonarQube with the following config:
Does the user you're trying to log in with via SAML already exist as a local user?
If that is the case, you will have to update the identity provider of the user using the POST api/users/update_identity_provider endpoint, using saml as the value of newExternalProvider and the value of the login of the user in Okta (most likely email) as newExternalIdentity.
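The call described in the reply above, as an added example that is not part of the original post or of SonarQube's own code: it picks the accounts not yet bound to saml out of a constructed api/users/search response and builds the update request for each, without sending it. The server URL, the token, the sample users, the use of each user's email as the Okta login, and authenticating with an admin token as the Basic-auth username are assumptions.

```python
import base64
import json
import urllib.parse
import urllib.request

# Constructed sample shaped like an api/users/search response (not from the thread).
SAMPLE_SEARCH = json.loads("""
{"users": [
  {"login": "alice", "email": "alice@example.com", "local": true,
   "externalProvider": "sonarqube", "externalIdentity": "alice"},
  {"login": "bob", "email": "bob@example.com", "local": false,
   "externalProvider": "saml", "externalIdentity": "bob@example.com"}
]}
""")

def users_to_migrate(search_response, provider="saml"):
    """Return users whose account is still bound to another auth method."""
    return [u for u in search_response.get("users", [])
            if u.get("externalProvider") != provider]

def build_update_request(base_url, token, login, okta_login, provider="saml"):
    """Build (without sending) the POST to api/users/update_identity_provider."""
    body = urllib.parse.urlencode({
        "login": login,                     # existing SonarQube login
        "newExternalProvider": provider,    # "saml", as in the reply
        "newExternalIdentity": okta_login,  # login of the user in Okta
    }).encode()
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/users/update_identity_provider",
        data=body, method="POST")
    # Assumption: an admin user token sent as the Basic-auth username.
    cred = base64.b64encode(f"{token}:".encode()).decode()
    req.add_header("Authorization", "Basic " + cred)
    return req

def plan(base_url, token, search_response):
    """One request per account that would hit the 'already associated' error."""
    # Assumption: the Okta login equals the email stored in SonarQube.
    return [build_update_request(base_url, token, u["login"], u["email"])
            for u in users_to_migrate(search_response)]

if __name__ == "__main__":
    for r in plan("https://sonar.example.com", "PLACEHOLDER_TOKEN", SAMPLE_SEARCH):
        print(r.get_method(), r.full_url, r.data.decode())
        # urllib.request.urlopen(r)  # uncomment to apply against a real server
```
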
Hi Wojciech, I deleted the user I was testing with, so I am not sure that applies.
Does deactivating (deleting) the user actually delete the user?
For now we are using a half-baked solution, using OKTA's LDAP endpoint, and we've configured sonar.properties ldap to work with it, but it's about 10-12 seconds slow when logging in, i.e. from AWS Cloud to OKTA cloud LDAP auth over TLS.
There is a manual and step by step on how to set up a new server (e.g. community) on AWS with OKTA integration, that would be great.
If you select the option to Delete user's personal information, the account is deleted.
Otherwise, deactivating only removes some of the user data, e.g. email address, and marks the user as deactivated.
Either way, the user should still be able to log in.
If you deactivate the user, does the error message still say "This account is already associated with another authentication method."? It should not be the case for a deactivated user.
We have a guide about setting up SAML with Okta; the cloud provider used makes no difference for the setup of SAML.