SAML Authentications Issues Ver. 8.4

  • SonarQube Enterprise 8.4 (Azure AD is used for SAML auth provider)
  • Resolve issue with SAML authentication
  • Verified Load Balancer settings and Azure SAML configuration settings. Added X-Forwarded-Proto = HTTPS header to Load Balancer.
  • This issue only occurs after upgrading to ver 8.4
    image

Hi @dopsVince ,

Welcome to SonarSource Community! :sonarsource:

Since SonarQube 8.4 release, we’ve enhanced our SAML checks, see Upgrade Notes. Obviously, if you’ve set the HTTPS header correctly, then the web server that proxies your request should be setting it but it seems it is not. So the problem seems to be your load balancer configuration.

But let’s verify your configuration anyway. Here are things to check:

  1. Make sure your sonar.core.serverBaseURL is correct, it should be “https://sonar.dssinc.com”. Administration > Configuration > General > scroll down to “Server base URL”:

  2. Verify that Azure AD is set correctly. This tutorial is good to review to check for the basic properties and configs on both SonarQube and Azure AD sides: Tutorial: Azure Active Directory single sign-on (SSO) integration with Sonarqube | Microsoft Docs

  3. Since you mentioned that you already added the X-Forwarded-Proto for the request header already, what kind of web server are you using (IIS, Nginx, Apache, etc.)? Can you share your configuration here?

  4. Please obtain web.log file:

  • Turn on TRACE level logs (Global Administration > System > Log Level) then log out
  • Have user attempt log in via SAML, which will fail
  • Log back in with local admin credentials to return to INFO level logs (Global Administration > System > Log Level)
  • Attach web.log file here or you can private message me the file:

Joe

Hi Joe, thank you for your reply. Here are the answers to the question that you asked:

  1. I verified that the server base url is correct
  2. I followed the Azure AD article that you provided and I used that same article on initial set up. No settings have changed on our end. Also, please note that we do not use the SAML plugin it references in the article. It wasn’t needed.
  3. We are running SonarQube as a service and we have a load balancer infront of the server which is where the X-Forwarded-Proto was modified previously.
  4. I cannot get the logs requested unfortunately until we do an upgrade. Right now we had to revert back to 8.3 because our users would not be able to auth. However, next Tuesday we will be attempting the upgrade again and once we do so I can get you the log file.
1 Like

Hi @dopsVince ,

SonarQube 8.9 just got released. Perhaps you’ve upgraded already? Anyways, did you get a chance to get those logs or were you able to resolve your problem?