SonarQube version: sonarqube-8.2.0.32929-developer-edition
I am trying to implement LDAP for single sign-on. I am facing the error below; please help me fix this issue.
Thanks for the response Sylvain.
Resolved the LDAP issue; it is working as expected now.
New problem:
We are facing one more issue while integrating SAML with PingFederate.
Any idea where we can assign the ACS (Assertion Consumer Service) URL? Where can we find the metadata file? If it is not available by default, where do we have to place the metadata file?
Hi Preetham
I have no particular know-how about PingFederate's SAML implementation. You may find a few references about it in this forum though.
Can you explain what you can’t configure on SonarQube to have your SAML setup up and running?
As for LDAP, you may apply verbose logs for SAML settings troubleshooting, and feel free to share some of them here.
While doing the SAML implementation we are facing the issue below: application error
Log error:
2020.08.12 01:08:51 ERROR web[AXPhRrsNRxQ13c0ZAACD][c.o.saml2.Auth] processResponse error.SAML Response not found, Only supported HTTP_POST Binding
2020.08.12 01:08:51 WARN web[AXPhRrsNRxQ13c0ZAACD][o.s.s.a.AuthenticationError] Fail to callback authentication with ‘saml’
java.lang.IllegalStateException: Fail to process response
at org.sonar.auth.saml.SamlIdentityProvider.processResponse(SamlIdentityProvider.java:151)
at org.sonar.auth.saml.SamlIdentityProvider.callback(SamlIdentityProvider.java:119)
at org.sonar.server.authentication.OAuth2CallbackFilter.handleOAuth2Provider(OAuth2CallbackFilter.java:98)
at org.sonar.server.authentication.OAuth2CallbackFilter.handleProvider(OAuth2CallbackFilter.java:77)
at org.sonar.server.authentication.OAuth2CallbackFilter.doFilter(OAuth2CallbackFilter.java:70)
at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:139)
at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:108)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:88)
at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:72)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:76)
at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:48)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:58)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.RequestIdFilter.doFilter(RequestIdFilter.java:66)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:62)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:256)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:615)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:818)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1627)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: com.onelogin.saml2.exception.Error: SAML Response not found, Only supported HTTP_POST Binding
at com.onelogin.saml2.Auth.processResponse(Auth.java:689)
at com.onelogin.saml2.Auth.processResponse(Auth.java:699)
at org.sonar.auth.saml.SamlIdentityProvider.processResponse(SamlIdentityProvider.java:149)
… 48 common frames omitted
Hello Preetham
From your logs and inputs I would say that SonarQube is receiving GET requests on its SAML endpoint URL, requests it is not able to handle (as it only expects SAML responses from your IdP using POST).
Did you set your IdP login endpoint as the SAML login URL parameter on the SonarQube side?
You may check for received requests in the access.log file.
The documentation for SAML delegated authentication provides configuration parameter examples for Keycloak, while this community guide provides the same for Okta.
You may extrapolate from them.
The access.log line you shared may not be the one for the refused request, can you make sure about it (by matching the time info)?
And of course, when you redact logs or parameters, please use something like ‘sonarqube.mycompany.com’ for SonarQube URLs, and like ‘idp.mycompany.com’ for IdP-related addresses, otherwise it all gets a little confusing…
I can’t tell exactly of course, but this seems ok.
Are you able to get the SAML login prompt now?
Do you still have the same error page when you reach SonarQube UI?
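Added example, not part of the original thread: one way to do the access.log check suggested above, tying the SAML error in web.log to the request that triggered it by request ID, with a time match as fallback. It assumes SonarQube's default access log pattern (request ID as the last quoted field), that the SAML callback path is /oauth2/callback/saml, and that both logs use the same time zone; the access.log lines are constructed.

```python
import re
from datetime import datetime

CALLBACK_PATH = "/oauth2/callback/saml"  # assumption: SonarQube's SAML callback (ACS) path

# The web.log line is the one quoted in the thread; the access.log lines are constructed.
WEB_LOG = [
    "2020.08.12 01:08:51 ERROR web[AXPhRrsNRxQ13c0ZAACD][c.o.saml2.Auth] processResponse "
    "error.SAML Response not found, Only supported HTTP_POST Binding",
]
ACCESS_LOG = [
    '10.0.0.5 - - [12/Aug/2020:01:08:51 +0000] "GET /favicon.ico HTTP/1.1" 200 1150 "-" "Mozilla/5.0" "AXPhRrsNRxQ13c0ZAACC"',
    '10.0.0.5 - - [12/Aug/2020:01:08:51 +0000] "GET /oauth2/callback/saml HTTP/1.1" 302 - "https://idp.mycompany.com/" "Mozilla/5.0" "AXPhRrsNRxQ13c0ZAACD"',
    '10.0.0.5 - - [12/Aug/2020:01:20:03 +0000] "POST /oauth2/callback/saml HTTP/1.1" 302 - "https://idp.mycompany.com/" "Mozilla/5.0" "AXPhRrsNRxQ13c0ZAACF"',
]

WEB_ERR = re.compile(r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) ERROR web\[([^\]]+)\]\[c\.o\.saml2\.Auth\]")
ACCESS = re.compile(r'\[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) .* "([^"]*)"$')

def saml_errors(web_lines):
    """Return {request_id: timestamp} for SAML toolkit errors found in web.log."""
    errors = {}
    for line in web_lines:
        m = WEB_ERR.match(line)
        if m:
            errors[m.group(2)] = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
    return errors

def refused_requests(web_lines, access_lines, window_s=2):
    """Return callback requests in access.log that correlate with a SAML error."""
    errors = saml_errors(web_lines)
    hits = []
    for line in access_lines:
        m = ACCESS.search(line.strip())
        if not m:
            continue
        ts, method, url, status, req_id = m.groups()
        if url.split("?")[0] != CALLBACK_PATH:
            continue
        # Time zone offset is dropped: both logs are assumed to share one zone.
        when = datetime.strptime(ts.split(" ")[0], "%d/%b/%Y:%H:%M:%S")
        by_id = req_id in errors
        by_time = any(abs((when - t).total_seconds()) <= window_s for t in errors.values())
        if by_id or by_time:
            hits.append({"method": method, "url": url, "status": status,
                         "id": req_id, "matched_by": "id" if by_id else "time"})
    return hits

if __name__ == "__main__":
    for hit in refused_requests(WEB_LOG, ACCESS_LOG):
        print(hit)
```

A hit whose method is GET confirms the diagnosis above: the IdP is redirecting the browser to the callback instead of posting the SAML response to it.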