I’ve been trying to set up my SonarQube application with the AWS SSO service. I’ve downloaded the SAML metadata file [Custom_SAML_2.0_application.txt (1.3 KB)] and configured everything according to the official documentation, specifically “In SonarQube settings, configure SAML authentication”.
Also, attribute mapping is in place, as well as assigned users (disclosure: I have a functional Jenkins server exposed in AWS SSO through SAML, so most of the configs are the same).
I’ve opened a ticket and worked with the AWS Support team to debug this issue. They are claiming that the SAML request is not properly created. Is there any way I can figure out how and why it’s not working? Please help me make it work…
Relevant Info:
SonarQube Community Edition Version 7.1 (build 11001)
SAML 2.0 Authentication for SonarQube Version 1.0.0 (build 116)
$ cat web.2018-08-19.log | grep ERROR
2018.08.19 19:06:08 ERROR web[AWVTip1ZxrzEZDbWAAA5][o.s.s.a.AuthenticationError] No provider key found in URI
$ cat web.2018-08-19.log | grep WARN
2018.08.19 18:51:41 WARN web[][o.s.s.a.LogOAuthWarning] For security reasons, OAuth authentication should use HTTPS. You should set the property 'Administration > Configuration > Server base URL' to a HTTPS URL.
2018.08.19 18:55:11 WARN web[][o.s.s.a.LogOAuthWarning] For security reasons, OAuth authentication should use HTTPS. You should set the property 'Administration > Configuration > Server base URL' to a HTTPS URL.
Apologies. It was my typo and I’ve double checked that it’s indeed http://sonarqube.mycompany.com/oauth2/callback …
Looks like the main reason is “No provider key found in URI”, but it’s not clear if it’s because of “For security reasons, OAuth authentication should use HTTPS. You should set the property 'Administration > Configuration > Server base URL' to a HTTPS URL.”
What do you think?
P.S. Meanwhile, I’m working to set up TLS on this server and check it again.
Indeed, the error is “No provider key found in URI”, which means that the callback URL that SonarQube is receiving is wrong, but such an error should not happen.
Could you please set the server logs to TRACE, then do an authentication and send us the generated logs?
Could you guys check that the setting “Server base URL” (in Administration -> Configuration -> General Settings -> General) is correctly set to your SonarQube server’s URL?
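An added example, not part of the original thread and not SonarQube or plugin code: one way to see what callback URL a SAML request actually carries is to decode the `SAMLRequest` parameter of the redirect sent to the IdP and inspect its `AssertionConsumerServiceURL`. It assumes the request uses the HTTP-Redirect binding (base64 over raw DEFLATE), that the provider key is the path segment after `/oauth2/callback/`, and that the key is `saml`; the IdP host and the sample requests are constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

CALLBACK_PREFIX = "/oauth2/callback/"  # callback path from the thread; key segment follows

def decode_authn_request(redirect_url):
    """Decode the SAMLRequest parameter (base64 over raw DEFLATE) into an XML element."""
    saml_request = parse_qs(urlparse(redirect_url).query)["SAMLRequest"][0]
    inflated = zlib.decompress(base64.b64decode(saml_request), -15)  # -15: no zlib header
    return ET.fromstring(inflated)  # only feed this requests from your own SP

def check_acs_url(redirect_url, base_url, provider_key="saml"):
    """Return (ACS URL, list of problems) for the AuthnRequest in redirect_url."""
    acs = decode_authn_request(redirect_url).get("AssertionConsumerServiceURL", "")
    parsed = urlparse(acs)
    expected = base_url.rstrip("/") + CALLBACK_PREFIX + provider_key  # assumed layout
    problems = []
    if not parsed.path.startswith(CALLBACK_PREFIX) or not parsed.path[len(CALLBACK_PREFIX):].strip("/"):
        problems.append("no provider key after /oauth2/callback/")
    elif acs.rstrip("/") != expected:
        problems.append("ACS URL does not match Server base URL: expected " + expected)
    if parsed.scheme != "https":
        problems.append("ACS URL is not HTTPS")
    return acs, problems

def build_sample_redirect(acs_url):
    """Constructed sample: a minimal AuthnRequest wrapped the way the Redirect binding does."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'ID="_constructed" Version="2.0" AssertionConsumerServiceURL="%s"/>' % acs_url)
    deflater = zlib.compressobj(wbits=-15)
    deflated = deflater.compress(xml.encode()) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return "https://idp.example.invalid/sso?" + query  # placeholder IdP endpoint

if __name__ == "__main__":
    for acs in ("http://sonarqube.mycompany.com/oauth2/callback",
                "https://sonarqube.mycompany.com/oauth2/callback/saml"):
        base = acs.split("/oauth2/")[0]
        print(check_acs_url(build_sample_redirect(acs), base))
```

To check a real request, pass the full redirect URL copied from the browser's network tab to `check_acs_url` along with the configured Server base URL.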