This document has a confusing example:
Set “Valid Redirect URIs” to "<SonarQube URL>/oauth2/callback/*", for example “https://sonarqube.mycompany.com/oauth2/callback”
Following that somewhat literally leads to this issue:
Using SonarQube 7.3
Attempting to use SAML authentication using PingFed IdP
** Have configured IdP to issue the SAML assertion
** Have configured SonarQube according
** Configured Assertion Consumer Service URL to :9000/oauth2/callback (???)
** When assertion is posted to that URL SonarQube responds with “You’re not authorized to access this page. Please contact the administrator.”
The web.log in TRACE mode mysteriously…
The documentation should say something like:
The SAML Single Sign-On URL is
If a generic example of configuring an IdP was provided, it would make it easier for people not using KeyCloak as their SAML IdP.
I have a specific example for Okta here which could be made generic:
I figured it out. It’s /oauth2/callback/saml not /oauth2/callback… This is a documentation bug.
I had to clear cookies for my sonarqube domain to make login work after some testing. You may get CSRF or OAUTH_TOKEN errors otherwise.
Here are settings that work for Okta:
Single Sign-On URL
Audience Restriction: sonarqube
login = user.login
name = user.login
email = user.email
Group Attribute Statements
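A small configuration sanity check, added here as an illustration and not part of the thread or of SonarQube itself: it builds the Assertion Consumer Service URL SonarQube expects from the server base URL and reports the mistakes the thread ran into (the missing /saml suffix, the Keycloak wildcard example copied literally, a scheme or host mismatch). The base URLs and ACS URLs in it are constructed sample values.

```python
from urllib.parse import urlparse

# Path SonarQube's SAML handler listens on. The thread's finding is that the
# documentation example "/oauth2/callback" is missing the "/saml" suffix.
SAML_ACS_PATH = "/oauth2/callback/saml"


def expected_acs_url(sonarqube_base_url: str) -> str:
    """ACS URL the IdP must post assertions to for a given SonarQube base URL."""
    return sonarqube_base_url.rstrip("/") + SAML_ACS_PATH


def check_acs_url(sonarqube_base_url: str, configured_acs_url: str) -> list:
    """Compare the IdP-side ACS URL with what SonarQube expects.

    Returns a list of human-readable problems; an empty list means the
    configured URL matches.
    """
    expected = urlparse(expected_acs_url(sonarqube_base_url))
    actual = urlparse(configured_acs_url)
    problems = []
    if actual.scheme != expected.scheme:
        problems.append(f"scheme {actual.scheme!r} != {expected.scheme!r}")
    if actual.netloc != expected.netloc:
        problems.append(f"host {actual.netloc!r} != {expected.netloc!r}")
    path = actual.path.rstrip("/")  # tolerate a trailing slash
    if "*" in path:
        problems.append("wildcard '*' is not valid in an ACS URL "
                        "(copied from the Keycloak redirect-URI example?)")
    elif path == "/oauth2/callback":
        problems.append("path is missing the '/saml' suffix (documentation trap)")
    elif path != SAML_ACS_PATH:
        problems.append(f"path {actual.path!r} != {SAML_ACS_PATH!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    base = "https://sonarqube.mycompany.com"
    for acs in (base + "/oauth2/callback",          # the thread's original mistake
                base + "/oauth2/callback/*",        # wildcard from the doc example
                base + "/oauth2/callback/saml"):    # the working value
        print(acs, "->", check_acs_url(base, acs) or "OK")
```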