SAML Authentication Issue after Updating to v8.4 (AWS ELB Elastic Load Balancer)

p0bailey · November 4, 2020, 9:20am

Hi,

After upgrading SonarQube from Developer version 8.3 to 8.4 our users are no longer
able to login into SQ using SAML authentication.

SonarQube Developer Edition v8.4
Running on Amazon Elastic Kubernetes Service (Amazon EKS)
SAML authentication with Microsoft ADFS as the IDP, worked fine on each new version until v8.4.
You’re not authorized to access this page. Please contact the administrator. Reason: The response was received at http://localhost:9000/oauth2/callback/saml instead of https://****.com/oauth2/callback/saml

Set up SAML single sign on to authenticate with AMicrosoft ADFS as the IDP on v8.3, using AWS ELB Elastic Load Balancer - this has been working fine for many months. Then upgrade to v8.4 - it breaks with the error above.

Currently had to roll back to v8.3

Phillip

ganncamp · November 4, 2020, 4:36pm

Hi Phillip,

We made some changes to SAML auth in 8.4. From the Upgrade Notes:

Additionnal SAML checks
SAML authentication adds additional checks for validating SAML responses from the identity provider. This could reveal a non-standard configuration that needs to be updated. Information will appear in the logs upon a failed login attempt in the event that the configuration needs to be tweaked.

There are other threads on this in the community that may help.

Ann

libertygarcia-gp · November 12, 2020, 11:41pm

Hi! New Sonarqube admin here. I am having the same issue. What specific configuration needs to be tweaked?