AlainODea
(Alain O'Dea)
October 3, 2018, 12:59pm
This document has a confusing example:
https://docs.sonarqube.org/display/PLUG/SAML+Authentication+Plugin
It says:
Set “Valid Redirect URIs” to “<SonarQube URL>/oauth2/callback/*”, for example “https://sonarqube.mycompany.com/oauth2/callback”
Following that somewhat literally leads to this issue:
Using SonarQube 7.3
Attempting to use SAML authentication using PingFed IdP
** Have configured IdP to issue the SAML assertion
** Have configured SonarQube according to https://docs.sonarqube.org/display/PLUG/SAML+Authentication+Plugin
** Configured Assertion Consumer Service URL to :9000/oauth2/callback (???)
** When assertion is posted to that URL SonarQube responds with “You’re not authorized to access this page. Please contact the administrator.”
The web.log in TRACE mode mysteriously…
The documentation should say something like:
The SAML Single Sign-On URL is <SonarQube URL>/oauth2/callback/saml.
If a generic example of configuring an IdP was provided, it would make it easier for people not using Keycloak as their SAML IdP.
I have a specific example for Okta here which could be made generic:
I figured it out. It’s /oauth2/callback/saml not /oauth2/callback… This is a documentation bug.
I had to clear cookies for my sonarqube domain to make login work after some testing. You may get CSRF or OAUTH_TOKEN errors otherwise.
Here are settings that work for Okta:
Single Sign-On URL https://sonarqube.example.com/oauth2/callback/saml
Audience Restriction: sonarqube
Attribute Statements
login = user.login
name = user.login
email = user.email
Group Attribute Statements
groups Starts…
Hi Alain,
Thanks for this message, I’ve updated the documentation to add the /saml.
I agree it would be good to have a more generic document, I’ll see with our doc team what we can do.
Thanks for your suggestion!
Regards
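An added example, not part of the thread or of SonarQube's code: a diagnostic that decodes the base64 `SAMLResponse` form field the IdP posts and checks it against the settings given in the first post (`Destination` ending in `/oauth2/callback/saml`, audience `sonarqube`, attributes `login`, `name`, `email`). The function names and the sample response are constructed for illustration, and the check does not verify the XML signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_ATTRS = ("login", "name", "email")  # attribute names listed in the thread


def check_saml_response(b64_response, sonarqube_url, audience="sonarqube"):
    """Return a list of configuration problems (diagnostic only, no signature check)."""
    root = ET.fromstring(base64.b64decode(b64_response))
    expected_acs = sonarqube_url.rstrip("/") + "/oauth2/callback/saml"
    problems = []
    destination = root.get("Destination")
    if destination != expected_acs:
        problems.append(f"Destination is {destination!r}, expected {expected_acs!r}")
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if audience not in audiences:
        problems.append(f"Audience {audience!r} not in {audiences!r}")
    present = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    for name in EXPECTED_ATTRS:
        if name not in present:
            problems.append(f"missing attribute {name!r}")
    return problems


def build_sample(destination, attrs):
    """Constructed, unsigned sample response for the demo (not real IdP output)."""
    attr_xml = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for n, v in attrs.items())
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'Destination="{destination}"><saml:Assertion><saml:Conditions>'
           '<saml:AudienceRestriction><saml:Audience>sonarqube</saml:Audience>'
           '</saml:AudienceRestriction></saml:Conditions>'
           f'<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>'
           '</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    base = "https://sonarqube.example.com"
    # IdP configured with the URL from the old documentation, email attribute not mapped
    bad = build_sample(base + "/oauth2/callback", {"login": "jdoe", "name": "jdoe"})
    for problem in check_saml_response(bad, base):
        print(problem)
```

The `SAMLResponse` value can be copied from the POST to the callback URL in the browser's network tab during a failed login.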