SAML CSRF state value is invalid

Hi Guys,

We have integrated Sonarqubw with SAML integration. Getting an error while login.
Logs below:

2020.04.17 11:06:09 DEBUG web[AXGDNwSHGiojiL7hAAQL][c.o.saml2.Auth] processResponse success --> PHNhbWxwOlJlc3BvbnNlIFZlcnNpb249IjIuMCIgSUQ9InVkZy1uckxMV2suQ3J2NjEyaHdmU0pyc1JfcCIgSXNzdWVJbnN0YW50PSIyMDIwLTA0LTE3VDExOjA2OjA4LjkyNloiIHhtbG5zOnNhbWxwPSJ1
2020.04.17 11:06:09 TRACE web[AXGDNwSHGiojiL7hAAQL][sql] time=1ms | sql=select p.prop_key as "key", p.is_empty as empty, p.text_value as textValue, p.clob_value as clobValue, p.resource_id as resourceId, p.user_id as userId from properties p where p.prop_key=? and p.resource_id is null and p.user_id is null | params=sonar.auth.saml.providerName
2020.04.17 11:06:09 DEBUG web[AXGDNwSHGiojiL7hAAQL][auth.event] login failure [cause|CSRF state value is invalid][method|OAUTH2][provider|EXTERNAL|SAML][IP||][login|]
2020.04.17 11:06:10 TRACE web[AXGDNwSHGiojiL7hAAQM][o.s.s.u.UserSessionFilter] Thread[http-nio-,5,main] serves /sonarqube/sessions/unauthorized
2020.04.17 11:06:10 TRACE web[AXGDNwSHGiojiL7hAAQN][o.s.s.u.UserSessionFilter] Thread[http-nio-,5,main] serves /sonarqube/api/navigation/global

This is in browser
You’re not authorized to access this page. Please contact the administrator.
Reason: CSRF state value is invalid
Can anyone help


First of all, which authentication system are you using to do the SAML authentication ?
Then, could you please check in your proxy that you’re not disabling cookies using HTTP only flag to false ?


Hi julien,

We are using SAML PINGFederate,
All the cookies are enabled.

We are doing a POC to procure.

Please assist.


Hi Julien,

Eagerly waiting for your assistance.

Thank you!!


This issue is strange, could you please check that the following cookie exist : XSRF-TOKEN


@manojreddy did you solve this in the end? We’re experiencing the same issue.