We are planning to perform an upgrade from 9.9 LTA version 2025.1 LTS version. As part of release notes Release upgrade notes | SonarQube Server Documentation
we see SAML configuration is required for Microsoft Entra and PingID, in our case we have ping federate as SAML provider. Do you have any specific documentation for ping federate or do we even need to update or make any SAML changes for ping federate configuration?
I guess you are referring to the following sentence in the linked documentation:
When configuring SAML on your SonarQube Server instance with assertion encryption, the response signature must be enforced. You might need to update your SAML configuration:
The important part here is the “with assertion encryption”. This means only if you have configured your identity provider to encrypt the assertions in the SAML Response, then you need to update the configuration.
We upgraded our test instance from 9.9 to 2025.1 last week and it worked without updating the SAML configuration, as we did not use assertion encryption.
Thanks @furti. Can i ask what SAML provider you have on your side?
We used a self hosted Keycloak instance as SAML provider. Right after the migration to SonarQube 2025.1 we switched to Microsoft Entra to benefit from the SCIM support.
Since we don’t use encrypted responses yet, it works well without signing the response.