- Version: 2025.2 SonarServer Enterprise
- Manually installed on a VM
- Understand two similar but related scenarios
- Authentication is linked to Entra ID using SAML; membership of an Entra ID group is a prerequisite for access to SonarQube
I have a pre-prod and a prod instance, both configured as above; the prod instance mainly works.
The pre-prod instance was running fine a few weeks ago, but now all users are blocked from accessing it with this message. All users have existing accounts in SonarQube.
I can still log in with the admin account and the logs are:
2025.05.07 11:40:56 WARN web[10504c54-f107-404c-be9e-231fdc2a57b8][o.s.s.a.AuthenticationError] Fail to initialize authentication with provider 'saml'
java.lang.IllegalArgumentException: Input byte[] should at least have 2 bytes for base64 bytes
at java.base/java.util.Base64$Decoder.decodedOutLength(Base64.java:709)
at java.base/java.util.Base64$Decoder.decode(Base64.java:565)
at java.base/java.util.Base64$Decoder.decode(Base64.java:589)
at org.sonar.auth.saml.SamlPrivateKeyConverter.toPrivateKey(SamlPrivateKeyConverter.java:36)
at org.sonar.auth.saml.SonarqubeRelyingPartyRegistrationRepository.addSignRequestFieldsIfNecessary(SonarqubeRelyingPartyRegistrationRepository.java:100)
at org.sonar.auth.saml.SonarqubeRelyingPartyRegistrationRepository.findByRegistrationId(SonarqubeRelyingPartyRegistrationRepository.java:68)
at org.springframework.security.saml2.provider.service.web.DefaultRelyingPartyRegistrationResolver.resolve(DefaultRelyingPartyRegistrationResolver.java:83)
at org.sonar.auth.saml.SonarqubeRelyingPartyRegistrationResolver.resolve(SonarqubeRelyingPartyRegistrationResolver.java:45)
at org.springframework.security.saml2.provider.service.web.authentication.BaseOpenSamlAuthenticationRequestResolver.resolve(BaseOpenSamlAuthenticationRequestResolver.java:145)
at org.springframework.security.saml2.provider.service.web.authentication.OpenSaml4AuthenticationRequestResolver.resolve(OpenSaml4AuthenticationRequestResolver.java:69)
at org.sonar.auth.saml.RedirectToUrlProvider.getRedirectToUrl(RedirectToUrlProvider.java:46)
at org.sonar.auth.saml.SamlAuthenticator.initLogin(SamlAuthenticator.java:58)
at org.sonar.auth.saml.SamlIdentityProvider.init(SamlIdentityProvider.java:74)
at org.sonar.server.authentication.InitFilter.handleOAuth2IdentityProvider(InitFilter.java:103)
at org.sonar.server.authentication.InitFilter.handleProvider(InitFilter.java:75)
at org.sonar.server.authentication.InitFilter.doFilter(InitFilter.java:65)
at org.sonar.server.platform.web.MasterServletFilter$JavaxFilterAdapter.doFilter(MasterServletFilter.java:194)
at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:165)
at org.sonar.server.platform.web.MasterServletFilter$HttpFilterChainAdapter.doFilter(MasterServletFilter.java:208)
at org.sonar.server.authentication.DefaultAdminCredentialsVerifierFilter.doFilter(DefaultAdminCredentialsVerifierFilter.java:83)
at org.sonar.server.platform.web.MasterServletFilter$JavaxFilterAdapter.doFilter(MasterServletFilter.java:194)
at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:165)
at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:126)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:83)
at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:70)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.sonar.server.platform.web.CspFilter.doFilter(CspFilter.java:67)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:60)
at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:47)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:56)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.sonar.server.platform.web.EndpointPathFilter.doFilter(EndpointPathFilter.java:47)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.sonar.server.platform.web.RequestIdFilter.doFilter(RequestIdFilter.java:66)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:65)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:115)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:483)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115)
at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:268)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:397)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:905)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1741)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1190)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
at java.base/java.lang.Thread.run(Thread.java:833)
I am fairly sure I haven’t changed anything, so I am looking for guidance on potential issues.