SAML configuration issue

Hi Team,

I have configured SAML on my SonarQube server.
When I check it with the Test Configuration option, it shows the error HTTP Status 500 – Internal Server Error; however, after enabling the configuration, SSO is working perfectly.

It only errors out when using the Test Configuration option.
Some errors I found in the web.log file:

Caused by: java.net.SocketException: Network is unreachable
        at java.base/sun.nio.ch.Net.connect0(Native Method)
        at java.base/sun.nio.ch.Net.connect(Net.java:579)
        at java.base/sun.nio.ch.Net.connect(Net.java:568)
        at org.sonar.core.util.DefaultHttpDownloader.executeCall(DefaultHttpDownloader.java:139)
        at org.sonar.core.util.DefaultHttpDownloader.readString(DefaultHttpDownloader.java:96)
        ... 63 common frames omitted
        Suppressed: java.net.SocketTimeoutException: Connect timed out
                at java.base/sun.nio.ch.NioSocketImpl.timedFinishConnect(NioSocketImpl.java:551)
                at java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:602)
                ... 86 common frames omitted
        Suppressed: java.net.SocketTimeoutException: Connect timed out
                at java.base/sun.nio.ch.NioSocketImpl.timedFinishConnect(NioSocketImpl.java:551)
                at java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:602)
                ... 86 common frames omitted
        Suppressed: java.net.SocketTimeoutException: Connect timed out
                at java.base/sun.nio.ch.NioSocketImpl.timedFinishConnect(NioSocketImpl.java:551)
                at java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:602)
                ... 86 common frames omitted
        Suppressed: java.net.SocketTimeoutException: Connect timed out
                at java.base/sun.nio.ch.NioSocketImpl.timedFinishConnect(NioSocketImpl.java:551)
                at java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:602)
                ... 86 common frames omitted
        Suppressed: java.net.SocketException: Network is unreachable
                ... 90 common frames omitted
        Suppressed: java.net.SocketException: Network is unreachable
                ... 90 common frames omitted
        Suppressed: java.net.SocketException: Network is unreachable
                ... 90 common frames omitted
        Suppressed: java.net.SocketException: Network is unreachable
                ... 90 common frames omitted
        Suppressed: java.net.SocketException: Network is unreachable
                ... 90 common frames omitted
        Suppressed: java.net.SocketException: Network is unreachable
                ... 90 common frames omitted
        Suppressed: java.net.SocketException: Network is unreachable
                ... 90 common frames omitted
2025.06.23 11:27:20 ERROR web[][o.s.s.p.w.RootFilter] Processing of request /saml/validation failed
java.lang.IllegalArgumentException: Illegal base64 character d

web.log file
web.log (29.4 KB)

Thank you for your time

Hey there.

It looks like the real issue is here:

java.lang.IllegalArgumentException: Illegal base64 character d

Take a look at this post:

As mentioned in the post, I deleted the SAML configuration and added it again, but I am still facing the same issue.
Note: My SSO is working fine; it is only failing at Test Configuration.

Hi @pvaid

Thank you for reporting this even though your SSO is working fine.

2025.06.23 11:27:20 ERROR web[...][o.s.s.p.w.RootFilter] Processing of request /saml/validation failed
java.lang.IllegalArgumentException: Illegal base64 character d
at org.sonar.auth.saml.SamlStatusChecker.isEncryptionEnabled(SamlStatusChecker.java:139)

SonarQube encountered an invalid Base64 character. This typically happens when:

  • The SAML response received from your Identity Provider (IdP) is malformed or corrupted.
  • There’s an issue with how the SAML response is being parsed or decrypted by SonarQube.

But given the earlier JCE warnings:

2025.06.23 11:25:21 WARN web[][o.o.x.c.i.JavaCryptoValidationInitializer] The JCE providers currently configured in the JVM do not support required capabilities for XML Encryption, either the 'AES' cipher algorithm or the 'ISO10126Padding' padding scheme

and subsequent "Algorithm failed runtime support check" messages indicate that your Java Cryptography Extension (JCE) policy files might be outdated or restricted.

Please, ensure you have the unlimited strength JCE policy files installed for your JVM, especially if your IdP uses strong encryption for SAML assertions.

Cheers,

Hello,

We are facing the exact same issue with 10.6.

Authenticating using the SSO works but not the “Test Configuration” button. Thinking it was our fault we lost time trying to figure out why it didn’t work.

We don’t have the log message at startup: The JCE providers currently configured in the JVM do not support required capabilities for XML Encryption …

I looked at the code which ends in error, and it is a simple base64 decode:

import java.util.Base64;

// Strict (basic) decoder: throws IllegalArgumentException on any character outside the Base64 alphabet
byte[] decoded = Base64.getDecoder().decode(samlResponse);

Is it something you can reproduce, or does “Test configuration” work correctly in your test environments?

Thank you in advance.

Best regards

Hey @rrousset

In our environments, Test Configuration works fine.

Please give us a shout if you can still reproduce the issue when using a supported version of SonarQube (v2025.1 LTA or v2025.3). v10.6 is quite comfortably EOL.

Hello @Colin ,

I get the same issue:

2025.09.04 14:57:03 ERROR web[o.s.s.p.w.RootFilter] Processing of request /saml/validation?CSRFToken=j8dhg4qf4orvsmio4fmcsle938 failed
java.lang.IllegalArgumentException: Illegal base64 character 2d
at java.base/java.util.Base64$Decoder.decode0(Base64.java:852)
at java.base/java.util.Base64$Decoder.decode(Base64.java:570)
at java.base/java.util.Base64$Decoder.decode(Base64.java:593)
at org.sonar.auth.saml.SamlCertificateConverter.toX509Certificate(SamlCertificateConverter.java:37)
at org.sonar.auth.saml.SonarqubeRelyingPartyRegistrationRepository.findByRegistrationId(SonarqubeRelyingPartyRegistrationRepository.java:57)
at org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver.resolve(DefaultRelyingPartyRegistrationResolver.java:104)
at org.sonar.auth.saml.SonarqubeRelyingPartyRegistrationResolver.resolve(SonarqubeRelyingPartyRegistrationResolver.java:45)
at org.springframework.security.saml2.provider.service.web.Saml2AuthenticationTokenConverter.convert(Saml2AuthenticationTokenConverter.java:64)
at org.sonar.auth.saml.SamlResponseAuthenticator.processSamlResponse(SamlResponseAuthenticator.java:54)
at org.sonar.auth.saml.SamlResponseAuthenticator.authenticate(SamlResponseAuthenticator.java:45)
at org.sonar.auth.saml.SamlAuthenticator.getAuthenticationStatusPage(SamlAuthenticator.java:77)
at org.sonar.server.saml.ws.ValidationAction.doFilter(ValidationAction.java:96)
at org.sonar.server.platform.web.MasterServletFilter$JavaxFilterAdapter.doFilter(MasterServletFilter.java:194)
at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:165)
at org.sonar.server.platform.web.MasterServletFilter$HttpFilterChainAdapter.doFilter(MasterServletFilter.java:208)
at org.sonar.server.authentication.ResetPasswordFilter.doFilter(ResetPasswordFilter.java:67)
at org.sonar.server.platform.web.MasterServletFilter$JavaxFilterAdapter.doFilter(MasterServletFilter.java:194)
at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:165)
at org.sonar.server.platform.web.MasterServletFilter$HttpFilterChainAdapter.doFilter(MasterServletFilter.java:208)
at org.sonar.server.authentication.DefaultAdminCredentialsVerifierFilter.doFilter(DefaultAdminCredentialsVerifierFilter.java:83)
at org.sonar.server.platform.web.MasterServletFilter$JavaxFilterAdapter.doFilter(MasterServletFilter.java:194)
at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:165)

This is on Enterprise Edition v2025.4.1 (111832). Any ideas?

Thank you!

Andy

Hi Andy,

Thanks for providing the error log. It seems like the system is trying to decode the certificate and encountering an invalid character, specifically the character 2d (which is a hyphen).

I would recommend recopying the certificate. Go back to your Identity Provider (IdP) and re-copy the full certificate. Paste it directly into the SonarQube SAML configuration field, making sure no extra characters, spaces, or line breaks are included.
It should look like:

-----BEGIN CERTIFICATE-----
MIIDqDCCApCgAwIBAgIGAYcJtZATMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYDVQQG...
-----END CERTIFICATE-----

Let me know if that helps!
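
The hex codes in the two errors in this thread, d and 2d, are the byte values of a carriage return and a hyphen, both outside the alphabet that java.util.Base64.getDecoder() accepts. The following is an added example, not SonarQube code and not code from any poster in this thread; the class name, method names and sample values are constructed. It reproduces both messages and reports the offset of the offending character in a pasted value, assuming the value reaches the decoder unmodified.

```java
import java.util.Base64;

public class Base64FieldCheck {
    // Characters the strict (basic, RFC 4648) decoder accepts, plus '=' padding.
    static final String ALPHABET =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";

    /** Message thrown by Base64.getDecoder() for this value, or null if it decodes. */
    static String strictDecodeError(String value) {
        try {
            Base64.getDecoder().decode(value);
            return null;
        } catch (IllegalArgumentException e) {
            return e.getMessage();
        }
    }

    /** Offset and hex code of the first character outside the alphabet, or null. */
    static String firstIllegal(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (ALPHABET.indexOf(c) < 0) {
                // Same hex rendering as the decoder's exception message.
                return "offset " + i + ", hex " + Integer.toHexString(c);
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed stand-in for a certificate body: 48 zero bytes, not a real certificate.
        String body = Base64.getEncoder().encodeToString(new byte[48]);
        String[] samples = {
            // Single line, no armor, no line breaks.
            body,
            // Same body wrapped with a Windows line ending (CR LF) in the middle.
            body.substring(0, 32) + "\r\n" + body.substring(32),
            // Same body between PEM armor lines.
            "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----",
        };
        for (String sample : samples) {
            System.out.println(strictDecodeError(sample) + " | " + firstIllegal(sample));
        }
    }
}
```

Running firstIllegal on the exact string stored in the certificate field shows which character the hex code in web.log refers to and where it sits in the value.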

Hello,

Yes, changing the certificate fixed the issue. Thank you!
