- SonarQube Enterprise 8.4 (Azure AD is used for SAML auth provider)
- Resolve issue with SAML authentication
- Verified Load Balancer settings and Azure SAML configuration settings. Added X-Forwarded-Proto = HTTPS header to Load Balancer.
- This issue only occurs after upgrading to ver 8.4
Hi @dopsVince ,
Welcome to SonarSource Community!
Since SonarQube 8.4 release, we’ve enhanced our SAML checks, see Upgrade Notes. Obviously, if you’ve set the HTTPS header correctly, then the web server that proxies your request should be setting it but it seems it is not. So the problem seems to be your load balancer configuration.
But let’s verify your configuration anyway. Here are things to check:
- Make sure your sonar.core.serverBaseURL is correct, it should be “https://sonar.dssinc.com”. Administration > Configuration > General > scroll down to “Server base URL”:
- Verify that Azure AD is set correctly. This tutorial is good to review to check for the basic properties and configs on both SonarQube and Azure AD sides: Tutorial: Azure Active Directory single sign-on (SSO) integration with Sonarqube | Microsoft Docs
- Since you mentioned that you already added the X-Forwarded-Proto for the request header already, what kind of web server are you using (IIS, Nginx, Apache, etc.)? Can you share your configuration here?
- Please obtain web.log file:
  - Turn on TRACE level logs (Global Administration > System > Log Level) then log out
  - Have user attempt log in via SAML, which will fail
  - Log back in with local admin credentials to return to INFO level logs (Global Administration > System > Log Level)
  - Attach web.log file here or you can private message me the file:
Joe
Hi Joe, thank you for your reply. Here are the answers to the question that you asked:
- I verified that the server base url is correct
- I followed the Azure AD article that you provided and I used that same article on initial set up. No settings have changed on our end. Also, please note that we do not use the SAML plugin it references in the article. It wasn’t needed.
- We are running SonarQube as a service and we have a load balancer in front of the server which is where the X-Forwarded-Proto was modified previously.
- I cannot get the logs requested unfortunately until we do an upgrade. Right now we had to revert back to 8.3 because our users would not be able to auth. However, next Tuesday we will be attempting the upgrade again and once we do so I can get you the log file.
Hi @dopsVince ,
SonarQube 8.9 just got released. Perhaps you’ve upgraded already? Anyways, did you get a chance to get those logs or were you able to resolve your problem?
We are facing the same issue,
Not able to figure out how to resolve it
You’re not authorized to access this page. Please contact the administrator.
Reason: The response was received at http://sonar-test.abc.com/oauth2/callback/saml instead of https://sonar-test.abc.com/oauth2/callback/saml
Please help me on this!
Hello @RahulTripathi07 , please verify that you have the X_FORWARDED_PROTO: https parameter set in your web server/reverse proxy/load balancer. See Operating the Server | SonarQube Docs and the “HTTPS Configuration” section.
We have various SAML guides for various IdP: Overview | SonarQube Docs (Azure AD, Keycloak, Okta, and OneLogin).
If you still have trouble, please make sure you have the latest version or LTS version of SonarQube, reproduce your error, and provide the web.log file for us to review in a new thread.
I’ll close this thread since this was about a user on a now non-supported version of SonarQube.
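
As an added illustration that is not part of the thread and not SonarQube's code: a simplified Python model of the URL comparison behind the "received at http://... instead of https://..." error quoted above, showing how a dropped X-Forwarded-Proto header on the hop from the load balancer produces the mismatch. The function names, the fall-back to X-Forwarded-Host/Host, the case normalisation and the sample headers are assumptions constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed value, modelled on the error message quoted in the thread.
EXPECTED_ACS = "https://sonar-test.abc.com/oauth2/callback/saml"


def effective_url(conn_scheme, headers, path):
    """URL the backend believes the request arrived at (simplified model)."""
    h = {k.lower(): v for k, v in headers.items()}
    # Forwarded headers win over the plain-HTTP hop from the load balancer.
    # If several proxies appended values, the first is the client-facing hop.
    proto = h.get("x-forwarded-proto", conn_scheme).split(",")[0].strip().lower()
    host = h.get("x-forwarded-host", h.get("host", "")).split(",")[0].strip()
    return f"{proto}://{host}{path}"


def diagnose(conn_scheme, headers, path, expected=EXPECTED_ACS):
    """Return (ok, reason) for the 'received at X instead of Y' comparison."""
    got = effective_url(conn_scheme, headers, path)
    if got == expected:
        return True, "ok"
    g, e = urlsplit(got), urlsplit(expected)
    names = {k.lower() for k in headers}
    if g.scheme != e.scheme:
        if "x-forwarded-proto" not in names:
            return False, f"X-Forwarded-Proto missing at backend; saw {got}"
        return False, f"X-Forwarded-Proto says {g.scheme!r}; saw {got}"
    if g.netloc != e.netloc:
        return False, f"host mismatch; saw {got}"
    return False, f"path mismatch; saw {got}"


if __name__ == "__main__":
    path = "/oauth2/callback/saml"
    # Constructed header sets, as the backend would see them behind the balancer.
    samples = {
        "header dropped": {"Host": "sonar-test.abc.com"},
        "header set": {"Host": "sonar-test.abc.com", "X-Forwarded-Proto": "https"},
        "wrong host": {"Host": "10.0.0.5:9000", "X-Forwarded-Proto": "https"},
    }
    for name, hdrs in samples.items():
        print(name, diagnose("http", hdrs, path))
```

The same comparison can be made by hand against the request headers recorded on the backend side of the load balancer while reproducing the failed login.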