March 17, 2023, 4:51am
SAML Authentication Issue
Team, I am facing an issue with the redirect URL. Below is the error:
The response was received at http://sonarqubeIP:9000/oauth2/callback/saml instead of https://xxxxx.yourdomain.com/oauth2/callback/saml
2023.03.17 10:00:29 ERROR web[AYboqmvAKR9FXMEXAAo2][c.o.saml2.Auth] processResponse error. invalid_response
March 20, 2023, 8:04am
What do the logs say? You might need to bump up the log level (global Administration > System > Log Level)
Make sure you upgrade to SonarQube soon, not only to benefit from our Best LTS Ever™, but because soon we will systematically ask users to upgrade when they ask questions about earlier versions of SonarQube, which are now considered unsupported. v9.9 LTS
SonarQube 9.9 LTS also offers a dedicated space in the UI for debugging SAML integration. I highly encourage you to upgrade.
March 21, 2023, 8:13am
Error log says as below.
2023.03.21 13:34:13 ERROR web[AYboqmvAKR9FXMEXACTm][c.o.s.a.SamlResponse] The response was received at http://xx.xx.x.xxx:9000/oauth2/callback/saml instead of https://sonar.xxxxxxx.com/oauth2/callback/saml
2023.03.21 13:34:13 ERROR web[AYboqmvAKR9FXMEXACTm][c.o.saml2.Auth] processResponse error. invalid_response
March 21, 2023, 8:31am
It looks like the SAML response is received at a different address than expected. What are you using to serve SonarQube over HTTPS (IIS, Nginx, Apache…)?
March 27, 2023, 5:12am
Sorry for the late response. For HTTPS we are using Nginx.
March 27, 2023, 2:41pm
You’ll need to make sure that the X-Forwarded-Proto header is set to https. You might also find this post helpful:
I believe you need this additional line:
proxy_set_header Host $host;
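Added example, not part of any post in this thread and not SonarQube's own code: a simplified Python model of the destination check behind the logged error, showing why the Host and X-Forwarded-Proto headers both have to reach the backend. The hostname, upstream address, function names and the URL-rebuilding rule are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed values: the public ACS URL the IdP posts to, and the internal
# SonarQube listener that Nginx proxies to.
EXPECTED_ACS = "https://sonar.example.com/oauth2/callback/saml"
UPSTREAM = "10.0.0.5:9000"


def nginx_forward(client_host, set_host=False, set_proto=False):
    """Headers the backend sees for a request the browser sent over HTTPS.

    Without an explicit proxy_set_header, Nginx sends Host: $proxy_host
    (the upstream address) and no X-Forwarded-Proto header at all.
    """
    headers = {"Host": client_host if set_host else UPSTREAM}
    if set_proto:
        headers["X-Forwarded-Proto"] = "https"
    return headers


def received_at(headers, path="/oauth2/callback/saml"):
    """Model of how the backend rebuilds the URL it was reached at.

    Assumption: the scheme comes from X-Forwarded-Proto (plain HTTP if
    absent) and the authority from Host only; X-Forwarded-Host is ignored.
    """
    scheme = headers.get("X-Forwarded-Proto", "http")
    return f"{scheme}://{headers['Host']}{path}"


def check_destination(headers, expected=EXPECTED_ACS):
    """Return None when the URLs match, else a message shaped like the log."""
    got, want = urlsplit(received_at(headers)), urlsplit(expected)
    if (got.scheme, got.netloc.lower(), got.path) == (
            want.scheme, want.netloc.lower(), want.path):
        return None
    return f"The response was received at {got.geturl()} instead of {expected}"


if __name__ == "__main__":
    for host, proto in [(False, False), (True, False), (False, True), (True, True)]:
        hdrs = nginx_forward("sonar.example.com", host, proto)
        print(f"Host set={host!s:5} proto set={proto!s:5} ->",
              check_destination(hdrs) or "OK")
```

Only the last combination passes; each of the other three reproduces one half of the mismatch seen in the log lines above.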
After hitting the same error on a new server setup and scouring these posts, I realized the doc actually covers this here: Operating the Server | SonarQube Docs, and there is a post on handling this case on IIS here: SonarQube Users: Let's talk about IIS and SAML Authentication!
I thought X-Forwarded-Host would accomplish this, but it did not work for me. I needed to set the “Host” header.
In my case I also added: