Environment
- Sonarqube Developer Edition Version 9.0.1 (build 46107) – deployed through Sonarqube helm chart
- AWS ELB (L7 i.e. terminating SSL here)
- Ambassador (as Kubernetes Ingress Controller)
- IDP: Google Apps
- Traffic Flow
Internet → ELB (L7 with SSL Certificate) → Kubernetes Ingress Controller → Kubernetes Pod
Problem
Sonarqube UI is running fine; the problem is only when configuring SAML.
After configuring SAML (with Google apps), I am seeing this error on the web UI:
“You’re not authorized to access this page. Please contact the administrator.”
I have debugged the SAML trace and found that the callback URL (https://sonarqube./oauth2/callback/saml) is missing the below attributes in <saml2:AttributeStatement>:
- <saml2:Attribute Name="Email">
- <saml2:Attribute Name="Login">
- <saml2:Attribute Name="Name">
This is my ambassador mapping:
---
apiVersion: getambassador.io/v2
kind: Mapping
metadata:
  name: sonarqube
  namespace: sonarqube
spec:
  host: sonarqube.<my-domain>
  prefix: /
  rewrite: /
  service: sonarqube-sonarqube.sonarqube.svc.cluster.local:9000
  bypass_error_response_overrides: true
What else can I do to troubleshoot the issue?
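
One way to confirm what the IdP actually sent, as an added example (not part of the original post and not SonarQube code): decode the SAMLResponse form value captured from the POST to the callback URL and report on the Login, Name and Email attributes named above. The function name `attribute_report`, the sample response and the assumption that attribute names are compared case-sensitively are assumptions of this example.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names the post reports as missing; change to match your SAML settings.
REQUIRED = ("Login", "Name", "Email")

# Constructed sample response (not from the post): Email is sent, Login is sent
# under a different case, Name is not sent at all.
SAMPLE_XML = """<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Assertion>
    <saml2:AttributeStatement>
      <saml2:Attribute Name="Email">
        <saml2:AttributeValue>user@example.com</saml2:AttributeValue>
      </saml2:Attribute>
      <saml2:Attribute Name="login">
        <saml2:AttributeValue>user</saml2:AttributeValue>
      </saml2:Attribute>
    </saml2:AttributeStatement>
  </saml2:Assertion>
</saml2p:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def attribute_report(saml_response, required=REQUIRED):
    """Map each required attribute to 'ok', 'empty', 'missing' or a case hint."""
    # Debugging aid only: no signature or condition checks, never use it for login.
    # The SAMLResponse form field is base64 and often URL-encoded in traces.
    xml_bytes = base64.b64decode(urllib.parse.unquote(saml_response))
    root = ET.fromstring(xml_bytes)
    sent = {}
    for attr in root.iterfind(".//saml2:AttributeStatement/saml2:Attribute", NS):
        values = [v.text for v in attr.iterfind("saml2:AttributeValue", NS)]
        sent[attr.get("Name")] = [v.strip() for v in values if v and v.strip()]
    by_lower = {name.lower(): name for name in sent if name}
    report = {}
    for name in required:
        if name in sent:
            report[name] = "ok" if sent[name] else "empty"
        elif name.lower() in by_lower:
            report[name] = "case mismatch: sent as " + repr(by_lower[name.lower()])
        else:
            report[name] = "missing"
    return report

if __name__ == "__main__":
    for name, status in attribute_report(SAMPLE_B64).items():
        print(f"{name}: {status}")
```

If every attribute comes back as missing, the response carries no matching entries in `<saml2:AttributeStatement>` at all, which points at the attribute mapping on the IdP side rather than at the ingress path.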