I am trying to integrate Sonar 10.3.0.82913 with SAML (AAD) and have struggled for days getting it working with IIS. I am fairly sure I have read all of the existing discussions and tried the various suggestions. This is the error:
Sonar and IIS are running on a Windows server (VM) manually deployed. IIS is running on http because we have Application Gateway acting as the SSL terminator.
For the set up I have:
- Sonar - Server base URL -
https://xxxxxx.com/alm/sonar/ - Sonar - SAML Auth Set up and Test configuration works
- IIS - Reverse Proxy rewrite rule configure
- IIS - HTTP_X_FORWARDED_PROTO = https
- IIS - Site Proxy unchecked reverse rewrite host
Now when I click Login it redirects to AAD and successfully authenticates (checked AAD logs). I have also proved this fails if I change the reply URL to a wrong value. I can also show the reply URL is being generated from the Server Base URL set above. This is:
https://xxxxxx.com/alm/sonar/oauth2/callback/saml
It seems that even though Sonar is generating the correct reply URL before the SAML auth request it then compares the reply URL in the response with what it perceives as the URL which is actually the local server URL so something like this (wrong URL):
https://<machine domain hostname>/alm/sonar/oauth2/callback/saml
So in short it is a Sonar generated error not a AAD one that took me a long time to realise
Now I can see that it determines the protocol for the wrong URL using the value of HTTP_X_FORWARDED_PROTO by switching between http/https.
I have also tried to influence the domain in this wrong URL by setting:
- HTTP_X_FORWARDED_HOST =
xxxxxx.com - ORIGINAL_URL -
https://xxxxxx.com/alm/sonar/oauth2/callback/saml - HTTP_X_FORWARDED_FOR =
xxxxxx.com
But nothing seems to work, what am I missing?
Thanks in advance.
