SAML authentication with Azure Active Directory on SonarQube 9.2.4 on AKS

The problem with SAML occurs on SonarQube Community Edition Version 9.2.4 (build 50792). SonarQube is set up on Azure Kubernetes Service (AKS). SAML is configured via the built-in functionality.

I want to enable SAML authentication with SonarQube and Azure AD. Currently, the option is enabled, and once I try to use it, I receive an error message: "You’re not authorized to access this page. Please contact the administrator."

I followed Microsoft and SonarQube instructions:
https://docs.sonarqube.org/latest/instance-administration/authentication/saml/azuread/
https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-certificate-based-authentication

At the moment I receive these error logs:

2022-11-02T11:52:28.945740385Z stdout F 	at org.sonar.auth.saml.SamlIdentityProvider.newAuth(SamlIdentityProvider.java:141)
2022-11-02T11:52:28.945736985Z stdout F 	at com.onelogin.saml2.Auth.<init>(Auth.java:308)
2022-11-02T11:52:28.945733485Z stdout F Caused by: com.onelogin.saml2.exception.SettingsException: Invalid settings: idp_cert_or_fingerprint_not_found_and_required
2022-11-02T11:52:28.945137248Z stdout F 	at org.sonar.auth.saml.SamlIdentityProvider.init(SamlIdentityProvider.java:100)
2022-11-02T11:52:28.945133848Z stdout F 	at org.sonar.auth.saml.SamlIdentityProvider.newAuth(SamlIdentityProvider.java:143)
2022-11-02T11:52:28.945126948Z stdout F 2022.11.02 11:52:28 WARN  web[AYQ1ucDQ6yY1cckcABht][o.s.s.a.AuthenticationError] Fail to initialize authentication with provider 'saml'
2022-11-02T11:52:28.945123347Z stdout F 2022.11.02 11:52:28 ERROR web[AYQ1ucDQ6yY1cckcABht][c.o.saml2.Auth] Invalid settings: idp_cert_or_fingerprint_not_found_and_required
2022-11-02T11:52:28.944495009Z stdout F 	at org.sonar.auth.saml.SamlIdentityProvider.init(SamlIdentityProvider.java:100)
2022-11-02T11:52:28.944491209Z stdout F 	at org.sonar.auth.saml.SamlIdentityProvider.initSettings(SamlIdentityProvider.java:201)
2022-11-02T11:52:28.944487309Z stdout F 	at com.onelogin.saml2.settings.SettingsBuilder.build(SettingsBuilder.java:230)
2022-11-02T11:52:28.944483408Z stdout F 	at com.onelogin.saml2.settings.SettingsBuilder.build(SettingsBuilder.java:257)
2022-11-02T11:52:28.944479008Z stdout F 	at com.onelogin.saml2.settings.SettingsBuilder.loadIdpSetting(SettingsBuilder.java:321)
2022-11-02T11:52:28.944475108Z stdout F 	at com.onelogin.saml2.settings.SettingsBuilder.loadCertificateFromProp(SettingsBuilder.java:716)
2022-11-02T11:52:28.944471208Z stdout F 	at com.onelogin.saml2.settings.SettingsBuilder.loadCertificateFromProp(SettingsBuilder.java:694)
2022-11-02T11:52:28.944466907Z stdout F 	at com.onelogin.saml2.util.Util.loadCert(Util.java:555)
2022-11-02T11:39:04.078704888Z stdout F 	at org.sonar.auth.saml.SamlIdentityProvider.newAuth(SamlIdentityProvider.java:141)
2022-11-02T11:39:04.078701188Z stdout F 	at com.onelogin.saml2.Auth.<init>(Auth.java:308)
2022-11-02T11:39:04.078697788Z stdout F Caused by: com.onelogin.saml2.exception.SettingsException: Invalid settings: idp_cert_or_fingerprint_not_found_and_required
2022-11-02T11:39:04.078090851Z stdout F 	at org.sonar.auth.saml.SamlIdentityProvider.init(SamlIdentityProvider.java:100)
2022-11-02T11:39:04.078086651Z stdout F 	at org.sonar.auth.saml.SamlIdentityProvider.newAuth(SamlIdentityProvider.java:143)
2022-11-02T11:39:04.07807905Z stdout F 2022.11.02 11:39:04 WARN  web[AYQ1ucDQ6yY1cckcABfa][o.s.s.a.AuthenticationError] Fail to initialize authentication with provider 'saml'
2022-11-02T11:39:04.07807425Z stdout F 2022.11.02 11:39:04 ERROR web[AYQ1ucDQ6yY1cckcABfa][c.o.saml2.Auth] Invalid settings: idp_cert_or_fingerprint_not_found_and_required

Therefore, I used the "Certificate (Base64)" certificate from Azure.

Can you advise and help what to do next to solve this issue?

Hi,

We did some work on SAML in 9.7. Can you upgrade and see if the new configuration tester helps any?

 
Ann

Thanks for the response. Actually, I tried with the latest version, but I got the same results. Any ideas where such an error could come from?

UPDATE:
Community Edition Version 9.7.1 (build 62043)
No changes

Hi,

When you verify your SAML settings in the Admin interface, what’s the result?

 
Ann

Errors

  • Failed to create a SAML Auth due to: Invalid settings: idp_cert_or_fingerprint_not_found_and_required

Lucas

Hi Lucas,

It looks like you need to work on correcting your settings.

 
HTH,
Ann

Currently, we have the following situation:
Sonar sends the request to AD → AD returns, and its logs show that the login succeeded → AD sends the XML → Sonar is not able to check it

We took the X.509 certificate directly from the Azure portal as Base64 and pasted that value directly into the SonarQube configuration.

Do you have any idea where the problem is?

Hi,

Sorry, but we’re really not SAML experts.

 
Ann

Hello,
We had a similar case where the customer opened the certificate using vi and removed spaces contained in it. It fixed his issue.
Can you try that?
Alex.
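
Added example (not part of the thread and not SonarQube or OneLogin code): a stand-alone Python check that does what the reply above suggests doing by hand, stripping spaces, line breaks and invisible characters from a pasted "Certificate (Base64)" value, then confirming it decodes to a single complete DER structure before it goes into the SAML settings. The function names and the sample value are made up for illustration; whether the settings field also wants the BEGIN/END lines is not stated in this thread, so the function returns only the bare Base64 body.

```python
import base64
import re

PEM_ARMOR = re.compile(r"-----(?:BEGIN|END) CERTIFICATE-----")

def check_der_envelope(der: bytes) -> None:
    """An X.509 certificate is one DER SEQUENCE whose length spans the whole blob."""
    if len(der) < 4 or der[0] != 0x30:
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    if der[1] < 0x80:                        # short-form length
        header, length = 2, der[1]
    else:                                    # long form: next n bytes are the length
        n = der[1] & 0x7F
        if not 1 <= n <= 4 or len(der) < 2 + n:
            raise ValueError("malformed DER length")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError(f"DER announces {header + length} bytes, paste decodes "
                         f"to {len(der)}: truncated or has trailing data")

def normalize_idp_cert(pasted: str) -> str:
    """Return the certificate as one unbroken Base64 line, or raise ValueError."""
    body = PEM_ARMOR.sub("", pasted)
    # Invisible characters that str.split() does not treat as whitespace.
    body = body.replace("\ufeff", "").replace("\u200b", "")
    body = "".join(body.split())             # spaces, tabs, CR/LF, non-breaking spaces
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError as exc:                # binascii.Error is a ValueError subclass
        raise ValueError(f"not valid Base64 after cleanup: {exc}") from exc
    check_der_envelope(der)
    return body

# Constructed sample: NOT a real certificate, only a DER SEQUENCE envelope around
# 256 filler bytes, wrapped the way a careless copy/paste might leave it.
FAKE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
CLEAN_B64 = base64.b64encode(FAKE_DER).decode()
SAMPLE_PASTE = (
    "\ufeff-----BEGIN CERTIFICATE-----\r\n"
    + "".join(CLEAN_B64[i:i + 64] + " \r\n" for i in range(0, len(CLEAN_B64), 64))
    + "-----END CERTIFICATE-----\r\n"
)

if __name__ == "__main__":
    print(normalize_idp_cert(SAMPLE_PASTE))
```

The envelope check only catches a cut-off or corrupted paste; it does not verify that the value is the signing certificate of the right Azure AD application.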

I will try for sure and let you know. Thanks.