Receive not authorized oauth2 callback saml response error after enabling SAML

Dear Team,
Recently, SonarQube version 9.8 on the server had SAML enabled. We have a URL that uses SSL to visit SonarQube. The URL asks for credentials when it is launched, and then immediately displays the error message listed below.

“You’re not authorized to access this page. Please contact the administrator.
Reason: The response was received at instead of


Please be aware that SonarQube has been set up as a Windows service and is configured using a load balancer. We don’t currently use a proxy to reroute the URL.

To set up SAML in SonarQube, we used the configuration listed below.
Operating System : Windows 2019 Server Standard
JAVA Version : 1.8
Database provider : PostgreSQL version : 13.3

Please assist us in fixing this problem.

Please let me know if you require any additional details from our end.

Thank you
Dharmesh Navlakha

Hey there.

At least at the load balancer level, you’ll need to make sure that X-Forwarded-Proto is set to https.

Hello Colin,

Thank you for your response.

We have a correction here. We are using SonarQube 8.9.1 version instead of 9.8.

Do we still need to apply the same fix for this version as well ?

Thank you.

The fix is the same.

And, your version is past EOL. You should upgrade to either the latest version or the current LTS at your earliest convenience. Your upgrade path is:

8.9.1 → 9.9.2 → 10.2 (last step optional)

You may find these resources helpful:

If you have questions about upgrading, feel free to open a new thread for that here.

Hello Colin,

Thank you for your quick response.

We have upgraded the version of SonarQube to 9.9.2 LTS. Post upgrading the version, we are getting attached error message. Can you please help us to fix this out ?

We checked with our ADFS team, seems like everything is properly set.

Do let me know if you need anymore information from our end.

Thank you
Dharmesh Navlakha

Hey there.

It looks like an issue with the response from your SAML provider. This documentation might help you (it’s for Atlassian products, but the issue looks very similar).

You can find exactly what response is being sent to your SonarQube server by turning up the log level in global Administration > System > Log Level and viewing the web.log file.

1 Like

Hello Colin,

I have gone through the document you shared, per the document, we need to setup metadata again. Can you please provide us latest metadata file for version 9.9.2 LTS.

Also, checked the web.log file, it has similar information we are getting on web (same as screenshot).

Please provide us latest metadata file for version 9.9.2 LTS, so that we can reconfigure it from our end.

Thank you
Dharmesh Navlakha