SAML Authentication on Data Center Edition High Availability failing on Cluster

chaitu358 · June 10, 2019, 10:41am

Must-share information (formatted with Markdown):

which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
what are you trying to achieve
what have you tried so far to achieve this
7.7 Version of sonarqube with high available architecture. (2 APplication nodes and 3 search nodes) + Application gateway.
SAML 2.0 …1.1 version
Cluster environment
When I enable the SAML SSO authention with cluster = false and run on single node, the authentication works successfully, however when i enable cluster = true with SSO enabled as true on both the application nodes then authentication fails even for the default admin account.

There is no error in web.log or sonar.log and the only error i see in F12 is 401 (Unauthorized).

SAML Authentication is behaving odd with cluster, I tried various combinations of providing all the properties.

Are we missing anything here?

Thanks,
Chaitanya

chaitu358 · June 10, 2019, 2:01pm

can any one help quickly please breaking my head over a small configuration file.

julienlancelot · June 12, 2019, 4:23pm

Hi @chaitu358,

In order to have more info, could you please set you log level to DEGUB, either by :

In conf/sonar.properties file set sonar.log.level to DEBUG
In UI, go to Administration > System > Log Level > change value to DEBUG

Then try to authenticate and check for errors in log/web.log file.

Regards,
Julien Lancelot

chaitu358 · June 12, 2019, 5:11pm

Thanks Julien.
I changed to both Debug and Trace level but did not find error.
However the issue is fixed, we configured an app gateway before the traffic reaches App Nodes and enabling session persistence cured it.

julienlancelot · June 13, 2019, 7:50am

Thanks for reporting the fix @chaitu358 !