Sonar SSO not working after migration to 8.9.3

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube → 8.9.3, Scanner, Plugin, and any relevant extension → NA)
  • what are you trying to achieve
  • what have you tried so far to achieve this

After upgrading Sonar from version 8 to 8.9.3, our SSO login broke. We are using Azure AD for that purpose.

We are running Sonar from Docker.

What can we do to fix the issue?


Welcome to the community!

Perhaps you can share some details of how you have SSO configured? E.g., using a community plugin, or with SAML?


Hey @ganncamp, we are using SAML to connect it to Azure AD as our Identity Provider.

All worked fine on Sonar 8, but after the upgrade to 8.9.3 the issue started.

We are running our Sonar server from Docker (Sonar Developer Edition). All the solutions that I see on the community are about OnPrem deployments (IIS/NGINX), nothing about Docker.

This is the error message that I am getting…

**2021.12.14 21:26:23 ERROR web[AX26xTNOnEgmkD6KAADZ][c.o.s.a.SamlResponse] Invalid issuer in the Assertion/Response. Was '', but expected '9sCHl7PKTXKRdQlblUwGXGlR3GI5kFiabCQS63Wc2vE='**
**2021.12.14 21:26:23 ERROR web[AX26xTNOnEgmkD6KAADZ][c.o.saml2.Auth] processResponse error. invalid_response**


We made some changes to SAML in the 8-series, although I’m having trouble finding the details. Can you revisit the docs since it’s possible the required configuration has changed?

Also, I’m a bit out of my depth at this point, so I’ve flagged this post for more expert attention.


@ganncamp unfortunately the documentation is not enough to provide me the root cause or direction about my issue. It just says “we added additional checks to SAML”, but what am I supposed to do about that?

We followed the standards from the Identity Provider (Azure AD).

If you can bring expertise to support us on this topic, it would be appreciated.

Hi @raulvi
Hopefully you’ve solved your problem since last week.
But if that is not the case, I would recommend that you:

  • have a look at this Microsoft tutorial. I just tested with my SonarQube 9.2 and found it quite effective. I had it working for a test user in less than 1 hour.
  • enable DEBUG logs on your SonarQube instance. You can do it from the Administration → System UI. With only ERROR and INFO levels, you might miss some details needed for troubleshooting.

From your error, the value you got as Azure AD Identifier on AAD side may not be aligned with the one set on SonarQube side as Provider ID: sonar.auth.saml.providerId
Let us know
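
Added example, not part of the thread above and not SonarQube code: a small diagnostic for the mismatch described in the last reply. It pulls the `Issuer` values out of a captured base64 `SAMLResponse` and compares them with the value set as `sonar.auth.saml.providerId`. The sample response, the all-zero tenant ID and the function names are constructed for illustration, and the check assumes the service provider compares the two strings exactly.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def extract_issuers(saml_response_b64):
    """Return (response_issuer, assertion_issuer) from a base64 SAMLResponse value."""
    xml_bytes = base64.b64decode(saml_response_b64)
    # A SAML response never needs a DTD; refuse it rather than let the parser expand entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not expected in a SAML response")
    root = ET.fromstring(xml_bytes)

    def text(el):
        return (el.text or "") if el is not None else ""

    # An encrypted assertion has no readable Issuer, so the second value is "" in that case.
    return (text(root.find("saml:Issuer", NS)),
            text(root.find("saml:Assertion/saml:Issuer", NS)))

def compare_issuer(provider_id, issuer):
    """Describe how the received issuer differs from the configured providerId."""
    if issuer == provider_id:
        return "match"
    if not issuer.strip():
        return "issuer missing or empty"
    a, b = issuer.strip(), provider_id.strip()
    if a == b:
        return "differs only by surrounding whitespace"
    if a.rstrip("/") == b.rstrip("/"):
        return "differs only by trailing slash"
    if a.lower() == b.lower():
        return "differs only by letter case"
    return "different value"

# Constructed sample: placeholder tenant ID, no signature, not a real Azure AD response.
SAMPLE_ISSUER = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
SAMPLE_B64 = base64.b64encode((
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    f'<saml:Issuer>{SAMPLE_ISSUER}</saml:Issuer>'
    f'<saml:Assertion><saml:Issuer>{SAMPLE_ISSUER}</saml:Issuer></saml:Assertion>'
    '</samlp:Response>').encode()).decode()

if __name__ == "__main__":
    configured = SAMPLE_ISSUER.rstrip("/")  # constructed providerId, trailing slash dropped
    for where, issuer in zip(("Response", "Assertion"), extract_issuers(SAMPLE_B64)):
        print(f"{where} issuer {issuer!r}: {compare_issuer(configured, issuer)}")
```

The `SAMLResponse` value can be copied from the browser's network tab on the POST back to SonarQube; treat it as sensitive, since it carries the user's identity attributes.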