SAML Authentication through IIS not working after 8.4 upgrade

Hello,

I tried to upgrade SonarQube developer edition from 8.3 edition to 8.4 edition.
The upgrade seems to be OK except user authentication with SAML.

The error message is :
“You’re not authorized to access this page. Please contact the administrator. Reason: The response was received at http://sonarqube.domain.com:9000/oauth2/callback/saml instead of https://sonarqube.domain.com/oauth2/callback/saml”

My configuration is :
Server OS : Windows Server 2019
Reverse Proxy : IIS with AAR and URL Rewrite modules
SAML : Microsoft ADFS
SonarQube Version that works with SAML : 8.3.1
SonarQube version that does not work with SAML : 8.4.2

I haved followed the tutorial described in “Operating the server” docuementation.
But since version 8.4, there is this message in the official doc :
“Note that the setup described in this blog post is not appropriate for SAML through IIS.”

Is there something to change in IIS config to keep it working with SAML ?

Thanks for your help

Remi

Hi @RemiG,

I’m not an expert on IIS, but what I can tell you is that you need to set the header X_FORWARDED_PROTO to https, as explained in the HTTPS Configuration section of https://docs.sonarqube.org/latest/setup/operate-server/.

I hope it will help you !
Regards

I hope this guide can help you!

Hello Colin,

It is working now perfectly with SonarQube 8.5.1.
The problem was I named my server variable “X_FORWARDED_PROTO” instead of “HTTP_X_FORWARDED_PROTO” which is the correct name.

Thanks a lot for your help

Remi

After updating sonarqube, our saml login stopped working, We did it by following your steps, now it works.

The code below has been very useful for us.

%windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/proxy -preserveHostHeader:true /commit:apphost