SAML solutions integrations with SonarQube and SonarCloud

Hello,

What SAML integrations are compatible with SonarQube and SonarCloud? Is PingID SAML integration possible in these?

Hi @binita_nayak,

We support SAML 2.0 for SonarQube (you cannot authenticate to SonarCloud using SAML). Any IdP compatible with SAML 2.0 should work. See the documentation here.

Cheers.


I have a problem configuring SAML auth with my SonarQube instance. The documentation on the official page is a bit confusing.
My points of concern are:

  • The property ‘sonar.core.serverBaseURL’ must be set to the public URL. Where is this done?
  • Are any settings concerned with SAML auth done in the sonar.properties file?
  • Is there any proper documentation of the same?

Yes, sonar.core.serverBaseURL can be set in conf/sonar.properties. Any setting starting with sonar.* can be set in that file (most of them can also be set through the UI, under Administration; which is the case for all SAML settings).

We do not document all SAML IdPs :man_shrugging: . It’s a standard protocol, so on SonarQube’s side, the settings we detail (pretty profusely, I might add) for KeyCloak will usually apply as well (at least, you will find the same basic principles: a SP “identifier”, a callback URL, and a signed certificate). Usually, most of the config is done on the IdP, not the SP. The SP (SonarQube in this case) will “only” map values from the payload to user fields it knows.

I don’t know about PingID, so I cannot help you. But I’m pretty sure that, if you find any tutorial on setting up PingID with another service, the main steps will translate very well to SonarQube (again: SAML is standard, there’s nothing highly specific in SonarQube’s UI).

Unless you encounter issues that need troubleshooting, after setting everything up. But if that’s the case, please give more details.

After a successful SAML login, I land on the login page again. Is it a configuration issue on the IdP side or the SP end?

Are the Entity ID and ACS URL, such as https://mydomain.com/auth/realms/sonarqube/protocol/saml, set somewhere in sonar.properties, in the UI, or on the IdP end?

Looks like an SP-end config issue. Did you follow the documentation I linked to? There’s a section called In SonarQube, which should be fairly similar to your setup.
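
An added example, not part of any post in this thread and not SonarQube's own code: a small checker for the SP-side values discussed above (SP identifier, callback URL, IdP certificate, attribute mapping) when they are kept in conf/sonar.properties. The `sonar.auth.saml.*` names and the `/oauth2/callback/saml` path are assumptions to verify against your SonarQube version's documentation; the HTTPS and localhost check is this example's own, and all sample values are constructed.

```python
from urllib.parse import urlparse

# SonarQube SAML property names (assumed; verify against your version's documentation).
REQUIRED = (
    "sonar.core.serverBaseURL",             # public URL of the SonarQube server
    "sonar.auth.saml.applicationId",        # SP "identifier" registered at the IdP
    "sonar.auth.saml.providerId",           # IdP entity ID
    "sonar.auth.saml.loginUrl",             # IdP single sign-on endpoint
    "sonar.auth.saml.certificate.secured",  # IdP signing certificate
    "sonar.auth.saml.user.login",           # payload attribute mapped to the login
)
CALLBACK_PATH = "/oauth2/callback/saml"     # assumed SP callback (ACS) path

def parse_properties(text):
    """Parse the key=value subset of the .properties format; '#'/'!' lines are comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def check_saml_config(text):
    """Return (acs_url, problems) for the SAML-related settings in `text`."""
    props = parse_properties(text)
    problems = [f"missing or empty: {k}" for k in REQUIRED if not props.get(k)]
    if props.get("sonar.auth.saml.enabled", "false").lower() != "true":
        problems.append("sonar.auth.saml.enabled is not true")
    base = urlparse(props.get("sonar.core.serverBaseURL", ""))
    acs_url = None
    if base.scheme and base.hostname:
        # This is the callback URL to register on the IdP side.
        acs_url = base.geturl().rstrip("/") + CALLBACK_PATH
        if base.scheme != "https" or base.hostname in ("localhost", "127.0.0.1"):
            problems.append("serverBaseURL is not a public https URL")
    elif props.get("sonar.core.serverBaseURL"):
        problems.append("serverBaseURL is not an absolute URL")
    return acs_url, problems

# Constructed sample input, not taken from the thread (certificate left out on purpose).
SAMPLE = """\
sonar.core.serverBaseURL=http://localhost:9000/
sonar.auth.saml.enabled=true
sonar.auth.saml.applicationId=sonarqube
sonar.auth.saml.providerId=https://idp.example.com/entity
sonar.auth.saml.loginUrl=https://idp.example.com/sso
sonar.auth.saml.user.login=login
"""
```

Calling `check_saml_config(SAMPLE)` returns the callback URL to compare with what the IdP has registered, plus a list of settings to fix.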