SAML issues using Okta with NGINX

I am currently using SonarQube 9.2. I have NGINX set up and am trying to set up Okta.

I have gone through the configuration with our Okta admin, and when I attempt to log in using SAML I get the following error in my web.log:

==> web.log <==

2022.01.25 20:00:40 ERROR web[AX21XrNzNxXlmcQ7AJS6][c.o.s.a.SamlResponse] The response was received at http://sonarqube.abu-dev.keurig.com:9000/oauth2/callback/saml instead of https://sonarqube.abu-dev.keurig.com/oauth2/callback/saml
2022.01.25 20:00:40 ERROR web[AX21XrNzNxXlmcQ7AJS6][c.o.saml2.Auth] processResponse error. invalid_response

I am not sure if this is a misconfiguration of NGINX or something else. I am also seeing this above:

2022.01.25 20:02:55 ERROR web[AX21XrNzNxXlmcQ7AJTT][c.o.saml2.Auth] processResponse error.SAML Response not found, Only supported HTTP_POST Binding
2022.01.25 20:02:55 WARN  web[AX21XrNzNxXlmcQ7AJTT][o.s.s.a.AuthenticationError] Fail to callback authentication with 'saml'
java.lang.IllegalStateException: Fail to process response
        at org.sonar.auth.saml.SamlIdentityProvider.processResponse(SamlIdentityProvider.java:151)

Hey there.

Make sure you are setting the header

X-Forwarded-Proto https;

as noted in the documentation on Securing your Server behind a Proxy.

At the very least, let’s make sure you make it past the current error before diving deeper in the logs 🙂

I am already setting that in my NGINX configuration:

    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto https;

I am still getting the same error in my web.log.

Anyone else have any ideas? I am still stuck.

Hi,

Maybe this thread will help:

Also this:

 
HTH,
Ann

Not really. One of the links you gave me shows the exact error I am seeing, and there is no resolution in that forum post.

Additional log files if helpful:

==> web.2022-01-24.log <==
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: com.onelogin.saml2.exception.Error: SAML Response not found, Only supported HTTP_POST Binding
	at com.onelogin.saml2.Auth.processResponse(Auth.java:689)

I need to create a user on the SonarQube side to log in, right? I have done that and it still does not work.
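
An added example, not part of any post in this thread: a Python helper that scans `web.log` lines for the "received at ... instead of ..." error quoted in the first post and reports which URL components (scheme, host, port, path) differ between the two addresses. The function names are hypothetical, and the sample lines are copied from the log excerpt in the first post.

```python
import re
from urllib.parse import urlsplit

# Wording of the destination-mismatch error as it appears in web.log in this thread.
MISMATCH_RE = re.compile(
    r"The response was received at (?P<received>\S+) instead of (?P<expected>\S+)"
)
DEFAULT_PORTS = {"http": 80, "https": 443}


def _parts(url):
    """Split a URL into comparable components, filling in the default port."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return {
        "scheme": scheme,
        "host": (u.hostname or "").lower(),
        "port": u.port or DEFAULT_PORTS.get(scheme),
        "path": u.path,
    }


def diff_destination(line):
    """Return {component: (received, expected)} for a mismatch line, else None."""
    m = MISMATCH_RE.search(line)
    if not m:
        return None
    got, want = _parts(m["received"]), _parts(m["expected"])
    return {k: (got[k], want[k]) for k in got if got[k] != want[k]}


def scan(lines):
    """Yield (timestamp, diff) for every destination mismatch in the log lines."""
    for line in lines:
        d = diff_destination(line)
        if d is not None:
            yield line[:19], d  # the first 19 characters are the log timestamp


# Sample input: two lines copied from the web.log excerpt in the first post.
SAMPLE_LOG = [
    "2022.01.25 20:00:40 ERROR web[AX21XrNzNxXlmcQ7AJS6][c.o.s.a.SamlResponse] The response was received at http://sonarqube.abu-dev.keurig.com:9000/oauth2/callback/saml instead of https://sonarqube.abu-dev.keurig.com/oauth2/callback/saml",
    "2022.01.25 20:00:40 ERROR web[AX21XrNzNxXlmcQ7AJS6][c.o.saml2.Auth] processResponse error. invalid_response",
]

if __name__ == "__main__":
    for ts, d in scan(SAMPLE_LOG):
        for name, (got, want) in d.items():
            print(f"{ts} {name}: received {got!r}, expected {want!r}")
```

On the sample lines it reports that both the scheme and the port differ while host and path match, so the scheme is not the only component to compare against the proxy and base-URL configuration.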