SAML auth is failing with error "The response has an empty Destination value"

SonarQube
,
1

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension) : 8.4 CE
  • what are you trying to achieve: SAML auth with OneLogin as IDP
  • what have you tried so far to achieve this: NA
    I am trying SAML auth with onelogin as IDP. when i login using SAML, it is ending up with below error
    Reason: The response has an empty Destination value

Screenshot 2020-08-13 at 11.19.05 PM
Screenshot 2020-08-13 at 11.19.05 PM970×352 10.5 KB

2020.08.13 15:50:18 DEBUG web[AXPob1VJGfzo8ZJ7AAWz][c.o.s.a.AuthnRequest] AuthNRequest --> <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ONELOGIN_ba001389-45de-4122-b72a-11bf0b1aefdf" Version="2.0" IssueInstant="2020-08-13T15:50:18Z" Destination="https://xxx.onelogin.com/trust/saml2/http-post/sso/2f8aaefd-b96a-464b-a23e-afba5c868a30" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="http://xxxxxxxxx:31028/oauth2/callback/saml"><saml:Issuer>SonarQube</saml:Issuer><samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true" /></samlp:AuthnRequest>

2020.08.13 15:50:18 DEBUG web[AXPob1VJGfzo8ZJ7AAWz][c.o.saml2.Auth] AuthNRequest sent to https://xxx.onelogin.com/trust/saml2/http-post/sso/2f8aaefd-b96a-464b-a23e-afba5c868a30 --> fVJNr9owEPwrke/GsQM0WIBEH/1AokAftIdeqnWyAauOndpO+/rv64RWej30nSyPd3ZnZr0M0JpObvp4s4/4vccQs6fW2CDHhxXpvZUOgg7SQotBxkqeNx/2Ukxy2XkXXeUMeUZ5mQEhoI/aWZLttityPLzZH9/tDl8V5DkvygWdzmqkUy4EVa8EUM5VkysO2NQNyT6jD4m7IqlVahBCjzsbItiYoFzkNC8pLy58Jme55OUXkm2TH20hjqxbjF2QjPUK/cRZNO6q7aRyLYu+D5EN8gUbqmjnhntwTDQlDNOpWsyBTudTRUEUSKFRMKvKeQlFknL6E8RrbWttry9noO5FQb6/XE70dDxfSLb5m8uDs6Fv0Z/R/9AVfnrc33Un2XBFGxfz5LG7PQlZ8FyUzEHanGAVGKOg+jZ6IOvlcMgxIL8+Owv+YzK9ZM/h5X3zh6Rvtz05o6tf2VvnW4j/l88nfER0TZuxVPY2dFjpRmOdXBjjfj54hIgrkjJFkrH1feq/X2z9Gw==
2020.08.13 15:50:19 TRACE web[AXPob1VJGfzo8ZJ7AAW0][o.s.s.p.w.UserSessionFilter] Thread[http-nio-10.80.76.165-31028-exec-3,5,main] serves /health
2020.08.13 15:50:19 TRACE web[AXPob1VJGfzo8ZJ7AAW0][sql] time=0ms | sql=select p.prop_key as "key", p.is_empty as empty, p.text_value as textValue, p.clob_value as clobValue, p.component_uuid as componentUuid, p.user_uuid as userUuid from properties p where p.prop_key=? and p.component_uuid is null and p.user_uuid is null | params=sonar.forceAuthentication
2020.08.13 15:50:19 TRACE web[AXPob1VJGfzo8ZJ7AAW1][o.s.s.p.w.UserSessionFilter] Thread[http-nio-10.80.76.165-31028-exec-5,5,main] serves /health
2020.08.13 15:50:19 TRACE web[AXPob1VJGfzo8ZJ7AAW1][sql] time=0ms | sql=select p.prop_key as "key", p.is_empty as empty, p.text_value as textValue, p.clob_value as clobValue, p.component_uuid as componentUuid, p.user_uuid as userUuid from properties p where p.prop_key=? and p.component_uuid is null and p.user_uuid is null | params=sonar.forceAuthentication
2020.08.13 15:50:20 TRACE web[AXPob1VJGfzo8ZJ7AAW2][o.s.s.p.w.UserSessionFilter] Thread[http-nio-10.80.76.165-31028-exec-2,5,main] serves /health
2020.08.13 15:50:20 TRACE web[AXPob1VJGfzo8ZJ7AAW2][sql] time=1ms | sql=select p.prop_key as "key", p.is_empty as empty, p.text_value as textValue, p.clob_value as clobValue, p.component_uuid as componentUuid, p.user_uuid as userUuid from properties p where p.prop_key=? and p.component_uuid is null and p.user_uuid is null | params=sonar.forceAuthentication
2020.08.13 15:50:21 TRACE web[AXPob1VJGfzo8ZJ7AAW3][o.s.s.p.w.UserSessionFilter] Thread[http-nio-10.80.76.165-31028-exec-8,5,main] serves /oauth2/callback/saml
2020.08.13 15:50:21 TRACE web[AXPob1VJGfzo8ZJ7AAW3][sql] time=0ms | sql=select p.prop_key as "key", p.is_empty as empty, p.text_value as textValue, p.clob_value as clobValue, p.component_uuid as componentUuid, p.user_uuid as userUuid from properties p where p.prop_key=? and p.component_uuid is null and p.user_uuid is null | params=sonar.auth.saml.enabled
2020.08.13 15:50:21 TRACE web[AXPob1VJGfzo8ZJ7AAW3][sql] time=0ms | sql=select p.prop_key as "key", p.is_empty as empty, p.text_value as textValue, p.clob_value as clobValue, p.component_uuid as componentUuid, p.user_uuid as userUuid from properties p where p.prop_key=? and p.component_uuid is null and p.user_uuid is null | params=sonar.auth.saml.providerId
2020.08.13 15:50:21 TRACE web[AXPob1VJGfzo8ZJ7AAW3][sql] time=0ms | sql=select p.prop_key as "key", p.is_empty as empty, p.text_value as textValue, p.clob_value as clobValue, p.component_uuid as componentUuid, p.user_uuid as userUuid from properties p where p.prop_key=? and p.component_uuid is null and p.user_uuid is null | params=sonar.auth.saml.applicationId
2020.08.13 15:50:21 TRACE web[AXPob1VJGfzo8ZJ7AAW3][sql] time=0ms | sql=select p.prop_key as "key", p.is_empty as empty, p.text_value as textValue, p.clob_value as clobValue, p.component_uuid as componentUuid, p.user_uuid as userUuid from properties p where p.prop_key=? and p.component_uuid is null and p.user_uuid is null | params=sonar.auth.saml.loginUrl
2020.08.13 15:50:21 TRACE web[AXPob1VJGfzo8ZJ7AAW3][sql] time=0ms | sql=select p.prop_key as "key", p.is_empty as empty, p.text_value as textValue, p.clob_value as clobValue, p.component_uuid as componentUuid, p.user_uuid as userUuid from properties p where p.prop_key=? and p.component_uuid is null and p.user_uuid is null | params=sonar.auth.saml.certificate.secured
2020.08.13 15:50:21 TRACE web[AXPob1VJGfzo8ZJ7AAW3][sql] time=0ms | sql=select p.prop_key as "key", p.is_empty as empty, p.text_value as textValue, p.clob_value as clobValue, p.component_uuid as componentUuid, p.user_uuid as userUuid from properties p where p.prop_key=? and p.component_uuid is null and p.user_uuid is null | params=sonar.auth.saml.user.login
2020.08.13 15:50:21 TRACE web[AXPob1VJGfzo8ZJ7AAW3][sql] time=0ms | sql=select p.prop_key as "key", p.is_empty as empty, p.text_value as textValue, p.clob_value as clobValue, p.component_uuid as componentUuid, p.user_uuid as userUuid from properties p where p.prop_key=? and p.component_uuid is null and p.user_uuid is null | params=sonar.auth.saml.user.name
2020.08.13 15:50:21 DEBUG web[AXPob1VJGfzo8ZJ7AAW3][c.o.saml2.Auth] Settings validated
2020.08.13 15:50:22 DEBUG web[AXPob1VJGfzo8ZJ7AAW3][c.o.s.a.SamlResponse] SAMLResponse invalid --> <samlp:Response xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="pfx6afb906a-9c95-2b80-f3ea-352f4cc5241f" Version="2.0" IssueInstant="2020-08-13T15:50:20Z" Destination="" InResponseTo="ONELOGIN_ba001389-45de-4122-b72a-11bf0b1aefdf"><saml:Issuer>https://app.onelogin.com/saml/metadata/2f8aaefd-b96a-464b-a23e-afba5c868a30</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#pfx6afb906a-9c95-2b80-f3ea-352f4cc5241f"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>XR9i2yJD3+QZg3W0vvAHfOrqcLg=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>dYoE0VSOpzF26R4r1tHv/GInkG8YxahzYuZGa3tWGlvDRABZkynnYqv6rnmp/2VyU4TzFRZ6kO9CX4XCsJwN76jgaa2Kep9SbTHy9/o+bF9sa4COAVcvKW4OeoWkZcbZaCeLsRpgh+eszvYQfCPpDJT6OdhRSyi4weu8ym/p91ma9BTBwFMEgVYI/zFgfWK8pbkx7qpn331GNCSVad+xTpeO3yj4DtUT7NOqOcDMQk0KNo0PZ+xCG0bjaYc/KmyDNeuhe+buFVtqbc1L+XKRQP92+OBoOWiz86OPyIyO/kO0LtDJogfg1bq2Yh2s1/92zdMmzJJx7z/9ZtHSrGLXoA==</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>xxxxxxxxxxxxxxxxxxxxxxxxxxxxx=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="2.0" ID="A0ecf232156137b572ebf3ae68bb9a0dde1ebba87" IssueInstant="2020-08-13T15:50:20Z"><saml:Issuer>https://app.onelogin.com/saml/metadata/2f8aaefd-b96a-464b-a23e-afba5c868a30</saml:Issuer><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">akumar397@ext.xxx.com</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData NotOnOrAfter="2020-08-13T15:53:20Z" Recipient="" InResponseTo="ONELOGIN_ba001389-45de-4122-b72a-11bf0b1aefdf"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2020-08-13T15:47:20Z" NotOnOrAfter="2020-08-13T15:53:20Z"><saml:AudienceRestriction><saml:Audience>https://sonarqube-staging.xxxxx.com/sonar_saml_auth</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2020-08-13T15:50:19Z" SessionNotOnOrAfter="2020-08-14T15:50:20Z" SessionIndex="_e7b333af-84db-467d-ab19-92edf1e16b20"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></samlp:Response>\n\n
2020.08.13 15:50:22 ERROR web[AXPob1VJGfzo8ZJ7AAW3][c.o.s.a.SamlResponse] The response has an empty Destination value
2020.08.13 15:50:22 ERROR web[AXPob1VJGfzo8ZJ7AAW3][c.o.saml2.Auth] processResponse error. invalid_response