Hi,
Thanks for the advice, here is what seems to be relevant:
06:24:23 TRACE web[o.s.s.p.w.UserSessionFilter] Thread[http-nio-0.0.0.0-9000-exec-4,5,main] serves /sessions/init/saml
06:24:23 TRACE web[sql] time=0ms | sql=select p.prop_key as "key", p.is_empty as empty, p.text_value as textValue, p.clob_value as clobValue, p.component_uuid as componentUuid, p.user_uuid as userUuid from properties p where p.prop_key=? and p.component_uuid is null and p.user_uuid is null | params=sonar.plugins.risk.consent
06:24:23 TRACE web[sql] time=0ms | sql=select p.prop_key as "key", p.is_empty as empty, p.text_value as textValue, p.clob_value as clobValue, p.component_uuid as componentUuid, p.user_uuid as userUuid from properties p where p.prop_key=? and p.component_uuid is null and p.user_uuid is null | params=sonar.forceRedirectOnDefaultAdminCredentials
06:24:23 TRACE web[sql] time=0ms | sql=select p.prop_key as "key", p.is_empty as empty, p.text_value as textValue, p.clob_value as clobValue, p.component_uuid as componentUuid, p.user_uuid as userUuid from properties p where p.prop_key=? and p.component_uuid is null and p.user_uuid is null | params=sonar.auth.saml.enabled
06:24:23 TRACE web[sql] time=0ms | sql=select p.prop_key as "key", p.is_empty as empty, p.text_value as textValue, p.clob_value as clobValue, p.component_uuid as componentUuid, p.user_uuid as userUuid from properties p where p.prop_key=? and p.component_uuid is null and p.user_uuid is null | params=sonar.auth.saml.providerId
06:24:23 TRACE web[sql] time=0ms | sql=select p.prop_key as "key", p.is_empty as empty, p.text_value as textValue, p.clob_value as clobValue, p.component_uuid as componentUuid, p.user_uuid as userUuid from properties p where p.prop_key=? and p.component_uuid is null and p.user_uuid is null | params=sonar.auth.saml.applicationId
06:24:23 TRACE web[sql] time=15ms | sql=select p.prop_key as "key", p.is_empty as empty, p.text_value as textValue, p.clob_value as clobValue, p.component_uuid as componentUuid, p.user_uuid as userUuid from properties p where p.prop_key=? and p.component_uuid is null and p.user_uuid is null | params=sonar.auth.saml.loginUrl
06:24:23 TRACE web[sql] time=0ms | sql=select p.prop_key as "key", p.is_empty as empty, p.text_value as textValue, p.clob_value as clobValue, p.component_uuid as componentUuid, p.user_uuid as userUuid from properties p where p.prop_key=? and p.component_uuid is null and p.user_uuid is null | params=sonar.auth.saml.certificate.secured
06:24:23 TRACE web[sql] time=0ms | sql=select p.prop_key as "key", p.is_empty as empty, p.text_value as textValue, p.clob_value as clobValue, p.component_uuid as componentUuid, p.user_uuid as userUuid from properties p where p.prop_key=? and p.component_uuid is null and p.user_uuid is null | params=sonar.auth.saml.user.login
06:24:23 TRACE web[sql] time=0ms | sql=select p.prop_key as "key", p.is_empty as empty, p.text_value as textValue, p.clob_value as clobValue, p.component_uuid as componentUuid, p.user_uuid as userUuid from properties p where p.prop_key=? and p.component_uuid is null and p.user_uuid is null | params=sonar.auth.saml.user.name
06:24:23 TRACE web[sql] time=0ms | sql=select p.prop_key as "key", p.is_empty as empty, p.text_value as textValue, p.clob_value as clobValue, p.component_uuid as componentUuid, p.user_uuid as userUuid from properties p where p.prop_key=? and p.component_uuid is null and p.user_uuid is null | params=sonar.core.serverBaseURL
06:24:23 DEBUG web[c.o.saml2.Auth] Settings validated
06:24:23 DEBUG web[c.o.s.a.AuthnRequest] AuthNRequest --> <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ONELOGIN_f24c5134-eecd-4764-8d3e-344a2a04a8d4" Version="2.0" IssueInstant="2022-04-20T04:24:23Z" Destination=" https://myidp.com/adfs/ls/idpinitiatedsignon.aspx" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://sonar.oe.intranet/oauth2/callback/saml"><saml:Issuer>https://sonar.oe.intranet/</saml:Issuer><samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true" /></samlp:AuthnRequest>
06:24:23 DEBUG web[c.o.saml2.Auth] AuthNRequest sent to https://myidp.com/adfs/ls/idpinitiatedsignon.aspx --> fZLBbtswDIZfxdDdluOoayEkAbJm3QJkSdBkO+wysBLTCpEpV5Sb7u2nOhvWHVpAgACKP/l/pCYMre/0vE8PdIuPPXIqnltPrIeHqegj6QDsWBO0yDoZvZt/XemmqnUXQwomePFK8r4CmDEmF0gUy8VUbNafVpvPy/XPQ6PMxWisSkRjS3X5QZVXdozlWClooFZwZZUovmPkrJ2KXCoXYO5xSZyAUg7VTVPWqmzqfa10k8/4hygWmccRpEH1kFLHWsrT0XFl8ak6HUMFSYI9sPQsne0cueQgoWV3T4Eq4O5ZFNs/nB8dWUf37yPenZNYf9nvt+V2s9uLYv4X+zoQ9y3GHcYnZ/Db7eqfLQ4EsQqYbREmGSDvpJEGvL8Dc5QvwxWzyculB/Q4e0M5ka+TJucNr7PR5WIbvDO/ipsQW0hvc4yq0RBxtjwMqbon7tC4g0ObcbwPp+uIeVBTkWKPopCzc9f/v9LsNw==
06:24:23 TRACE web[o.s.s.p.w.UserSessionFilter] Thread[http-nio-0.0.0.0-9000-exec-1,5,main] serves /adfs/ls/idpinitiatedsignon.aspx
So I can see in the log files what would be the correct address, but I can see in the HAR-trace of the browser that it is not.
You’ll find the false request directly after that in the log (06:24:23 TRACE web[o.s.s.p.w.UserSessionFilter] Thread[http-nio-0.0.0.0-9000-exec-1,5,main] serves /adfs/ls/idpinitiatedsignon.aspx), that the next call is on itself.
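An added example, not part of the original post: a way to decode a SAMLRequest payload like the one logged above and check where its Destination would send the browser. As shown on this page, the Destination attribute in the logged AuthnRequest begins with a space. The sample request, the example.test hosts and the function names are constructed for illustration, and the payload is assumed to be raw DEFLATE plus base64, as in the SAML HTTP-Redirect binding.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample modelled on the logged AuthnRequest; hosts are placeholders.
TEMPLATE = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="ONELOGIN_sample" Version="2.0" Destination="{dest}" '
    'AssertionConsumerServiceURL="https://sp.example.test/oauth2/callback/saml"/>'
)

def encode_redirect(xml):
    """Raw DEFLATE + base64, the encoding of the SAMLRequest query parameter."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml.encode("utf-8")) + c.flush()).decode("ascii")

def decode_redirect(b64):
    """Inverse of encode_redirect: base64-decode, then inflate a raw DEFLATE stream."""
    return zlib.decompress(base64.b64decode(b64), -15).decode("utf-8")

def destination_problems(xml):
    """Return reasons why a browser would not reach the IdP named in Destination."""
    root = ET.fromstring(xml)
    dest = root.get("Destination")
    if dest is None:
        return ["Destination attribute is missing"]
    problems = []
    # Attribute values are kept verbatim by the parser, so stray spaces survive.
    if dest != dest.strip():
        problems.append("whitespace around Destination: %r" % dest)
    if not dest.startswith(("https://", "http://")):
        problems.append("Destination does not start with an http(s) scheme")
    # The symptom in the post: the follow-up request lands on the SP's own host.
    sp_host = urlsplit(root.get("AssertionConsumerServiceURL", "")).hostname
    if sp_host and urlsplit(dest.strip()).hostname == sp_host:
        problems.append("Destination host is the service provider itself")
    return problems

if __name__ == "__main__":
    for dest in (" https://idp.example.test/adfs/ls/", "https://idp.example.test/adfs/ls/"):
        payload = encode_redirect(TEMPLATE.format(dest=dest))
        print(repr(dest), "->", destination_problems(decode_redirect(payload)) or "ok")
```

To use it on a real trace, pass the base64 string from the log or the URL-decoded SAMLRequest parameter from the HAR file to `decode_redirect` and feed the result to `destination_problems`.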