Sonarqube 10.7.0 doesn't support saml authentication

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube Server / Community Build, Scanner, Plugin, and any relevant extension) Sonarqube 10.7.0 Community
  • how is SonarQube deployed: Helm
  • what are you trying to achieve: Upgrade from 9.9.5 to 10.7.0
  • what have you tried so far to achieve this : Updated plugin versions as per Matrix

Do not share screenshots of logs – share the text itself (bonus points for being well-formatted)!

Sonar.properties :

sonar.auth.github.allowUsersToSignUp=false
sonar.auth.saml.applicationId=bnpe.us.example.com
sonar.auth.saml.certificate.secured=<saml provided cert>
sonar.auth.saml.enabled=true
sonar.auth.saml.group.name=Group
sonar.auth.saml.loginUrl=https://fedsso.example.com/idp/SSO.saml2
sonar.auth.saml.providerId=fedsso.example.com
sonar.auth.saml.providerName=SSO
sonar.auth.saml.signature.enabled=true
sonar.auth.saml.user.email=Email
sonar.auth.saml.user.login=Username
sonar.auth.saml.user.name=Display Name
sonar.ce.javaAdditionalOpts=-javaagent:/opt/sonarqube/extensions/plugins/sonarqube-community-branch-plugin-1.22.0.jar=ce
sonar.core.serverBaseURL=https://example.com/npe-sonarqube
sonar.forceAuthentication=true
sonar.pullrequest.provider=GitHub
sonar.updatecenter.activate=false
sonar.web.context=npe-sonarqube
sonar.web.javaAdditionalOpts=-javaagent:/opt/sonarqube/extensions/plugins/sonarqube-community-branch-plugin-1.22.0.jar=web
not ablet to login in  console :--->
logs 

WARN  web[9d506812-dbf7-4b43-9c3f-9f90049ea059][o.s.s.a.AuthenticationError] Fail to initialize authentication with provider 'saml'      
java.lang.IllegalStateException: Failed to create a SAML Auth
        at org.sonar.auth.saml.SamlAuthenticator.initSamlAuth(SamlAuthenticator.java:107)
        at org.sonar.auth.saml.SamlAuthenticator.initLogin(SamlAuthenticator.java:91)
        at org.sonar.auth.saml.SamlIdentityProvider.init(SamlIdentityProvider.java:79)
        at org.sonar.server.authentication.InitFilter.handleOAuth2IdentityProvider(InitFilter.java:103)
        at org.sonar.server.authentication.InitFilter.handleProvider(InitFilter.java:75)
        at org.sonar.server.authentication.InitFilter.doFilter(InitFilter.java:65)
        at org.sonar.server.platform.web.MasterServletFilter$JavaxFilterAdapter.doFilter(MasterServletFilter.java:227)
        at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:198)
        at org.sonar.server.platform.web.MasterServletFilter$HttpFilterChainAdapter.doFilter(MasterServletFilter.java:241)
        at org.sonar.server.authentication.DefaultAdminCredentialsVerifierFilter.doFilter(DefaultAdminCredentialsVerifierFilter.java:83)
        at org.sonar.server.platform.web.MasterServletFilter$JavaxFilterAdapter.doFilter(MasterServletFilter.java:227)
        at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:198)
        at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:146)
        at jdk.internal.reflect.GeneratedMethodAccessor172.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.base/java.lang.reflect.Method.invoke(Unknown Source)
        at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:222)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at java.base/javax.security.auth.Subject.doAsPrivileged(Unknown Source)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:250)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:128)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:127)
        at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:83)
        at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:70)
        at jdk.internal.reflect.GeneratedMethodAccessor172.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.base/java.lang.reflect.Method.invoke(Unknown Source)
        at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:222)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at java.base/javax.security.auth.Subject.doAsPrivileged(Unknown Source)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:250)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:128)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:127)
        at org.sonar.server.platform.web.CspFilter.doFilter(CspFilter.java:62)
        at jdk.internal.reflect.GeneratedMethodAccessor172.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.base/java.lang.reflect.Method.invoke(Unknown Source)
        at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:222)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at java.base/javax.security.auth.Subject.doAsPrivileged(Unknown Source)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:250)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:128)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:127)
        at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
        at jdk.internal.reflect.GeneratedMethodAccessor172.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.base/java.lang.reflect.Method.invoke(Unknown Source)
        at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:222)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at java.base/javax.security.auth.Subject.doAsPrivileged(Unknown Source)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:250)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:128)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:127)
        at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:60)
        at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:47)
        at jdk.internal.reflect.GeneratedMethodAccessor172.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.base/java.lang.reflect.Method.invoke(Unknown Source)
        at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:222)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at java.base/javax.security.auth.Subject.doAsPrivileged(Unknown Source)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:250)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:128)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:127)
        at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:56)
        at jdk.internal.reflect.GeneratedMethodAccessor172.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.base/java.lang.reflect.Method.invoke(Unknown Source)
        at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:222)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at java.base/javax.security.auth.Subject.doAsPrivileged(Unknown Source)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:250)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:128)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:127)
        at org.sonar.server.platform.web.EndpointPathFilter.doFilter(EndpointPathFilter.java:47)
        at jdk.internal.reflect.GeneratedMethodAccessor172.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.base/java.lang.reflect.Method.invoke(Unknown Source)
        at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:222)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at java.base/javax.security.auth.Subject.doAsPrivileged(Unknown Source)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:250)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:128)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:127)
        at org.sonar.server.platform.web.RequestIdFilter.doFilter(RequestIdFilter.java:66)
        at jdk.internal.reflect.GeneratedMethodAccessor172.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.base/java.lang.reflect.Method.invoke(Unknown Source)
        at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:222)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at java.base/javax.security.auth.Subject.doAsPrivileged(Unknown Source)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:250)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:128)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:127)
        at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:65)
        at jdk.internal.reflect.GeneratedMethodAccessor172.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.base/java.lang.reflect.Method.invoke(Unknown Source)
        at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:222)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at java.base/javax.security.auth.Subject.doAsPrivileged(Unknown Source)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:250)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:128)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:127)
        at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:115)
        at jdk.internal.reflect.GeneratedMethodAccessor172.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.base/java.lang.reflect.Method.invoke(Unknown Source)
        at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:222)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at java.base/javax.security.auth.Subject.doAsPrivileged(Unknown Source)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:250)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:128)
        at java.base/java.security.AccessController.doPrivileged(Unknown Source)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:127)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
        at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:267)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:346)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:388)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:936)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1791)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
        at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1190)
        at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
        at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.lang.IllegalArgumentException: Service provider certificate is missing
        at org.sonar.auth.saml.SamlSettings.lambda$getServiceProviderCertificate$7(SamlSettings.java:98)
        at java.base/java.util.Optional.orElseThrow(Unknown Source)
        at org.sonar.auth.saml.SamlSettings.getServiceProviderCertificate(SamlSettings.java:98)
        at org.sonar.auth.saml.SamlAuthenticator.initSettings(SamlAuthenticator.java:125)
        at org.sonar.auth.saml.SamlAuthenticator.initSamlAuth(SamlAuthenticator.java:105)
        ... 160 common frames omitted

Same configuration is working in Sonar 9.9.5-community version & it is not working in 10.7.0-community so no issue with SAML certificate and no change in sonar.properties

Hey there.

All the sonar.auth.saml.* configuration should be set in the UI, and not in the conf/sonar.properties file. This is also true for these configuration parameters.

sonar.auth.github.allowUsersToSignUp=false
sonar.core.serverBaseURL=https://example.com/npe-sonarqube
sonar.forceAuthentication=true
sonar.pullrequest.provider=GitHub

If it as working in previous versions of SonarQube, that was undefined behavior.

Can you try configuring SAML through the UI and see if it fixes the issue?

Its worked