Problem: I’m trying to integrate SAML-based authentication in SonarQube using Google SSO. I’ve followed the documentation and configured everything. However, when I click “Login with [Company]”, I get the error: “You’re not authorized to access this page. Please contact the administrator.” I am the admin of both Google and SonarQube. What can I do to fix this?
I am using:
Any help or guidance would be greatly appreciated.
Thanks in advance!
What do the logs say? (specifically web.log, where auth related issues are logged).
Please also don’t forget to mention information requested in the template post, like what version of SonarQube you’re using.
version: Developer Edition v2025.3.1 (109879)
Web.log error:
2025.08.13 08:32:00 WARN web[75a89a30-a3c1-45c0-b267-84d5beab99d0][o.s.s.a.AuthenticationError] Fail to initialize authentication with provider 'saml'
java.lang.IllegalStateException: Sign requests is enabled but SonarQube private key and/or SonarQube certificate is missing
at org.sonar.auth.saml.SonarqubeRelyingPartyRegistrationRepository.addSignRequestFieldsIfNecessary(SonarqubeRelyingPartyRegistrationRepository.java:93)
at org.sonar.auth.saml.SonarqubeRelyingPartyRegistrationRepository.findByRegistrationId(SonarqubeRelyingPartyRegistrationRepository.java:68)
at org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver.resolve(DefaultRelyingPartyRegistrationResolver.java:83)
at org.sonar.auth.saml.SonarqubeRelyingPartyRegistrationResolver.resolve(SonarqubeRelyingPartyRegistrationResolver.java:45)
at org.springframework.security.saml2.provider.service.web.authentication.BaseOpenSamlAuthenticationRequestResolver.resolve(BaseOpenSamlAuthenticationRequestResolver.java:145)
at org.springframework.security.saml2.provider.service.web.authentication.OpenSaml4AuthenticationRequestResolver.resolve(OpenSaml4AuthenticationRequestResolver.java:69)
at org.sonar.auth.saml.RedirectToUrlProvider.getRedirectToUrl(RedirectToUrlProvider.java:46)
at org.sonar.auth.saml.SamlAuthenticator.initLogin(SamlAuthenticator.java:58)
at org.sonar.auth.saml.SamlIdentityProvider.init(SamlIdentityProvider.java:74)
at org.sonar.server.authentication.InitFilter.handleOAuth2IdentityProvider(InitFilter.java:103)
at org.sonar.server.authentication.InitFilter.handleProvider(InitFilter.java:75)
at org.sonar.server.authentication.InitFilter.doFilter(InitFilter.java:65)
...
Sounds like you either need to disable sonar.auth.saml.signature.enabled, or provide values for sonar.auth.saml.sp.privateKey.secured and sonar.auth.saml.sp.certificate.secured (docs)