Sign-on URL's value when configure Azure AD SSO for SonarQube

dangbunf · December 1, 2020, 12:47am

We are integrating Azure AD SSO with SonarQube.
（SonarQube Version： Developer Edition Version 7.9.2 (build 30863)）

When configuring Azure AD SSO, Sign-on URL is needed but we can’t find any information about it after we look through the SonarQube official document and Community.

The official document of Azure AD is mentioned that we should set below values for Sign-on URL, but we get “This page cannot be opened, the server with this page is not responding” error while set “https://servicescode-dev.westus.cloudapp.azure.com” for our dev environment.

The official document of Azure AD：
“https://docs.microsoft.com/ja-jp/azure/active-directory/saas-apps/sonarqube-tutorial”

In the Sign-on URL text box, type a URL:
For Production Environment
https://servicessonar.corp.microsoft.com/
For Dev Environment
https://servicescode-dev.westus.cloudapp.azure.com

It’s appreciated if you can give me any suggestions or ideas.

Thanks in advance.

Colin_SonarSource · December 1, 2020, 9:55am

Hey there.

Their documentation isn’t particularly clear that you should be using your own SonarQube server URL here. You should substitute your own SonarQube URL + /oauth2/callback/saml

For example: https://mysonarserver/oauth2/callback/saml

dangbunf · December 2, 2020, 3:25am

Hi Colin,

Thank you very much.

We set our SonarQube URL + /oauth2/callback/saml for the Sign-on URL and we get another error.

You’re not authorized to access this page. Please contact the administrator.

Is there any ideas?

Colin_SonarSource · December 2, 2020, 9:06am

I’d start looking in your web.log (potentially with log level increased to DEBUG in the global Administration > System > Log level) for further details.

dangbunf · December 2, 2020, 9:34am

Here is our web log.
sonarqube_web.log (133.0 KB)

Colin_SonarSource · December 2, 2020, 10:26am

It looks like a SAML response isn’t being returned,Caused by: com.onelogin.saml2.exception.Error: SAML Response not found, Only supported HTTP_POST Binding.

This is a pretty generic error that usually implies some configuration issue on the IDP (Identity Provider, here Azure AD SSO) side.

Can you share screenshots of your configuration in Azure AD SSO?
Have you added users to the application you’ve created in Azure AD SSO (specifically the user you’re trying to login with?)

dangbunf · December 3, 2020, 3:08am

Here is our configuration.

Have you added users to the application you’ve created in Azure AD SSO

yes.

dangbunf · December 10, 2020, 2:52am

Hi, Colin
Is there any update for this?

khopithan · February 8, 2021, 6:27am

Hi @dangbunf ,

Can you show your SSO configuration in SonarQube ? And plz share the document which you referred ? Thanks.

Regards,
Khopi