SAML Authentication: No private key available for decrypt

Hi Community,

i installed sonarqube in version 10.5 and followed the instructions to setup saml authentication with azure entra. But at the end i’m facing an issue:
When i try to login with saml account, i see an error message “not authorized” and in the web.log file there is an exception:

Caused by: com.onelogin.saml2.exception.SettingsException: No private key available for decrypt, check settings
	at com.onelogin.saml2.authn.SamlResponse.decryptAssertion(SamlResponse.java:1204)
	at com.onelogin.saml2.authn.SamlResponse.loadXmlFromBase64(SamlResponse.java:168)
	at com.onelogin.saml2.authn.SamlResponse.<init>(SamlResponse.java:118)
	at com.onelogin.saml2.authn.SamlResponse.<init>(SamlResponse.java:139)
	at com.onelogin.saml2.factory.SamlMessageFactory.createSamlResponse(SamlMessageFactory.java:55)
	at com.onelogin.saml2.Auth.processResponse(Auth.java:1205)
	at com.onelogin.saml2.Auth.processResponse(Auth.java:1254)
	at org.sonar.auth.saml.SamlAuthenticator.processResponse(SamlAuthenticator.java:158)

It might be because of the fields “Service provider private key” and “service provider certificate” in the configuration wizzard (at the bottom of the document) - i have no idea, where to get these information and also documenation about this is a bit rare…
So these fields are empty but are needed. Could you help me how to configure these authentication?

I was able to solve this issue! I activated token validation on azure entry side (accidentally) but missed configuration on sonarqube site.
So i navigated to azure entry → sonarqube application → token validation
Deleted token validation item (imported certificate) and now its working!

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.