SAML Authentication through IIS not working after 8.4 upgrade

Hello,

I tried to upgrade SonarQube developer edition from 8.3 edition to 8.4 edition.
The upgrade seems to be OK except user authentication with SAML.

The error message is:
You’re not authorized to access this page. Please contact the administrator. Reason: The response was received at http://sonarqube.domain.com:9000/oauth2/callback/saml instead of https://sonarqube.domain.com/oauth2/callback/saml

My configuration is:
Server OS: Windows Server 2019
Reverse Proxy: IIS with ARR and URL Rewrite modules
SAML: Microsoft ADFS
SonarQube version that works with SAML: 8.3.1
SonarQube version that does not work with SAML: 8.4.2

I have followed the tutorial described in the “Operating the server” documentation.
But since version 8.4, there is this message in the official doc:
Note that the setup described in this blog post is not appropriate for SAML through IIS.

Is there something to change in the IIS config to keep it working with SAML?

Thanks for your help

Remi

Hi @RemiG,

I’m not an expert on IIS, but what I can tell you is that you need to set the header X_FORWARDED_PROTO to https, as explained in the HTTPS Configuration section of https://docs.sonarqube.org/latest/setup/operate-server/.

I hope it will help you!
Regards

I hope this guide can help you!

Hello Colin,

It is working now perfectly with SonarQube 8.5.1.
The problem was I named my server variable “X_FORWARDED_PROTO” instead of “HTTP_X_FORWARDED_PROTO” which is the correct name.

Thanks a lot for your help

Remi

After updating SonarQube, our SAML login stopped working. We did it by following your steps, now it works.

The code below has been very useful for us.

%windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/proxy -preserveHostHeader:true /commit:apphost
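
The fix described in this thread, written out as a site-level web.config. This is an added example, not part of any post above and not taken from the SonarQube documentation. It assumes IIS terminates TLS, the ARR proxy is enabled, and SonarQube listens on http://localhost:9000; the rule name is hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Hypothetical rule name; forwards every request to the SonarQube backend. -->
        <rule name="SonarQubeReverseProxy" stopProcessing="true">
          <match url="(.*)" />
          <serverVariables>
            <!--
              URL Rewrite maps a server variable named HTTP_<NAME> to the
              request header <NAME>, with underscores turned into dashes.
              HTTP_X_FORWARDED_PROTO therefore reaches SonarQube as the
              X-Forwarded-Proto header. A variable named X_FORWARDED_PROTO
              (no HTTP_ prefix) is not sent as a header, so SonarQube keeps
              building the callback URL as http://...:9000 and the SAML
              destination check fails with the error quoted in this thread.
            -->
            <set name="HTTP_X_FORWARDED_PROTO" value="https" />
          </serverVariables>
          <!-- Assumed backend address; adjust to where SonarQube listens. -->
          <action type="Rewrite" url="http://localhost:9000/{R:1}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
<!--
  Prerequisites outside this file:
  1. HTTP_X_FORWARDED_PROTO must be listed under
     system.webServer/rewrite/allowedServerVariables for the site or server,
     otherwise URL Rewrite refuses to set it.
  2. preserveHostHeader must be true on system.webServer/proxy (the appcmd
     command quoted above), so SonarQube sees the public host name rather
     than localhost:9000.
-->
```

After applying it, the SAML callback should be accepted at the https://sonarqube.domain.com/oauth2/callback/saml form of the URL shown in the original error message.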