SonarQube 10.1 - SAML Login Failing

Details:

  • SonarQube 10.1.0.73491
  • Windows Server 2022, openJDK 17.0.5+8 x64, zip file deployment, Azure Cloud SQL Instance
  • SAML Authentication link seems to have stopped working

A little more than a week ago, I lost the ability to be able to log in using SAML authentication to my SonarQube server. All my Azure DevOps pipelines are working just fine and anything through the API seems to be unimpacted, but when you attempt to manage the server by hand, you can no longer log in and you get stuck at the “Loading” screen.

The normal login pattern for users/administrators of SonarQube:

  1. Users/admins navigate to their Microsoft “MyApps” home page
  2. Users/admins select the “SonarQube” tile from their MyApps list
  3. Loading screen flashes for a second
  4. Users get presented a screen that says “Log in to SonarQube” and they are presented with 2 options: A) Log in with SAML B) More Options
  5. Users click “Log in with SAML” and get logged into SonarQube with appropriate permissions

Current problematic behavior:

  1. Users/admins navigate to their Microsoft “MyApps” home page
  2. Users/admins select the “SonarQube” tile from their MyApps List
  3. Loading Screen appears and wheel spins
  4. Users/admins cannot get any further in the process

Further Context:

  • SonarQube is flowing through Cloudflare’s WAF.
  • Cloudflare is providing the Certificate and the HTTPS entry point for SonarQube
  • Cloudflare connects to SonarQube on port 80 at a firewall (HTTP)
  • The firewall has a DNAT that sends the inbound connection to SonarQube on port 9000 (HTTP)
  • There have been no significant changes to the Cloudflare configuration and I have a call scheduled with them for Wednesday to see if they see anything that’s wrong.
  • If I connect to the IP address of SonarQube and bypass Cloudflare, I can get past the loading screen and get presented with the login options. Problematically, you cannot log in using SAML though because the Azure Active Directory connection requires HTTPS to work (has to go through Cloudflare).
  • When comparing the connection between the two methods of entry to the SonarQube system, when using the HTTPS connection through Cloudflare, I never see the connection get past out76BEEV3R.js; however, when using the HTTP connection directly to the firewall, I successfully see the HAR file get past that JavaScript.
  • This entire SAML auth process has been working for months as is. There have never been any problems with it until 7/29.

Any help on troubleshooting this would be appreciated. Thanks

Hi Jonathan,

Your version is past EOL. You should upgrade to either the latest version or the current LTA (long-term active version) at your earliest convenience. Your upgrade path is:

10.1 → 10.6

You may find these resources helpful:

Best regards.

I appreciate the response but this is not helpful. Priority right now is to get my developers back to work. Unless you are saying that SAML auth will magically start working again if I upgrade… but I doubt that’s the case since this was operational 7 days ago.

Then you must check your identity provider and your authentication. If nothing has changed on the SonarQube side, the issue should be on your external integration.

Best regards.


This issue was resolved. Our WAF had cached and corrupted the out76BEEV3R.js script. When it was being called from our CDN cache, the browser was trying to process the corrupted cached object. I dumped the cache and refreshed it and the application worked.

I will begin the process of updating the SonarQube server now that I have access back.
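
The comparison that separates a bad CDN cache entry from an application fault, as an added example that is not part of the original thread: it checks the same static asset as served by the edge and by the origin, given the raw (undecoded) response bytes and headers from each path. The function names and sample data are constructed for illustration; `cf-cache-status` is the cache-status response header Cloudflare sets.

```python
import gzip
import hashlib
import zlib

def decoded_body(headers, body):
    """Undo Content-Encoding so edge compression is not mistaken for corruption."""
    enc = headers.get("content-encoding", "").lower()
    if enc == "gzip":
        return gzip.decompress(body)
    if enc == "deflate":
        return zlib.decompress(body)
    return body

def compare_asset(edge, origin):
    """edge/origin are (headers, raw_body) pairs with lower-cased header names.
    Returns a list of findings; an empty list means both copies match."""
    findings, bodies = [], {}
    for name, (headers, body) in (("edge", edge), ("origin", origin)):
        declared = headers.get("content-length")
        if declared is not None and int(declared) != len(body):
            findings.append(
                f"{name}: body is {len(body)} bytes, Content-Length says {declared}")
        try:
            bodies[name] = decoded_body(headers, body)
        except (OSError, EOFError, zlib.error) as exc:
            findings.append(f"{name}: cannot decode body ({type(exc).__name__})")
    if len(bodies) == 2:
        digests = {n: hashlib.sha256(b).hexdigest() for n, b in bodies.items()}
        if digests["edge"] != digests["origin"]:
            status = edge[0].get("cf-cache-status", "unknown")
            findings.append(f"content differs (edge cf-cache-status: {status})")
    return findings

# Constructed sample responses, not data from the thread.
SCRIPT = b"window.__app = function () { return 'ready'; };\n" * 20
GZ = gzip.compress(SCRIPT)
ORIGIN = ({"content-length": str(len(SCRIPT))}, SCRIPT)
# Healthy cache entry: compressed at the edge, same content after decoding.
EDGE_OK = ({"content-encoding": "gzip", "content-length": str(len(GZ)),
            "cf-cache-status": "HIT"}, GZ)
# Damaged cache entry: served from cache but cut short.
EDGE_BAD = ({"content-length": str(len(SCRIPT)), "cf-cache-status": "HIT"},
            SCRIPT[:300])

if __name__ == "__main__":
    for label, edge in (("good cache entry", EDGE_OK), ("bad cache entry", EDGE_BAD)):
        print(label, "->", compare_asset(edge, ORIGIN) or "match")
```

A mismatch on a cache hit points at the cached object rather than the application, which is the case where purging that object at the CDN is the fix.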

