SonarQube and SAML Authentication with Okta

SonarQube Guides
,
1

Hello!

Some users request guidance for integrating SAML authentication when using Okta as an identity provider.

I recently pulled together some detailed information internally based on my experience with a test organization in Okta, and I’m happy to share it with our awesome community!

You may need to adjust based on your specific set of circumstances, but I hope this gets you started.

1. Create a new application in Okta

1OktaStart
1OktaStart2148×1258 290 KB

2. Configure General Settings for your Application

2OktaGeneralSettings
2OktaGeneralSettings2114×1484 174 KB

  • I recommend checking “Do not display application icon to users” as it is currently only possible to initiate a login from SonarQube itself.

3. Configure SAML for your Application

3OktaConfigureSaml
3OktaConfigureSaml2194×1558 285 KB

  • The Single Sign-On URL should be set as https://sonarqube.mycompany.com/oauth2/callback/saml, adjusted for the actual URL of your SonarQube instance
  • I recommend setting the SP Entity ID as sonarqube

4. Set up your mapping between attributes

4AttributeStatements
4AttributeStatements1452×634 36.9 KB

  • Specifically SonarQube will need to know the user’s name, username (login), and email. Here you could also pass information about the groups the user belongs to, if you wish to enable Group Mapping.

5. Confirm you are an Okta user setting up an internal application

5Feedback
5Feedback2086×796 81.1 KB

6. Browse to Okta Setup Instructions

6ViewSetupInstructions
6ViewSetupInstructions2098×1492 298 KB

7. Take note of the Single-Sign On URL, Issuer, and Certificate

7SetupDetails
7SetupDetails3078×1834 206 KB

8. Browse to SonarQube Administration > General

8SQGeneral
8SQGeneral2618×1068 182 KB

  • Make sure sonar.core.serverBaseURL is set correctly

9. Browse to SonarQube Administration > Security > SAML

9SQAdminConfiguration
9SQAdminConfiguration2214×1038 152 KB

  • Enable SAML
  • Set the SP Entity ID configured in Step 3 (usually sonarqube)

10. Provide Metadata from the SAML Provider

10SQProviderInfo
10SQProviderInfo2222×906 183 KB

  • Configure Provider ID, SAML login URL, and Provider Certificate with the values from Step 7

11. Add the appropriate attributes defined in Step 4

11SQAttributes
11SQAttributes2216×956 133 KB

  • You can also add an attribute to the SAML group attribute if you chose to pass group information.

12. You can now try logging in with SAML!

12SQSAMLLogin
12SQSAMLLogin910×652 15.2 KB

  • Make sure you’ve added users to the application!

If you receive an error while authenticating with SAML, troubleshooting information should be available in the $SONARQUBE_HOME/logs/web.log file of your instance.

If you run into any trouble or have feedback on this guide, don’t hesitate to create a new post in the Community.

8 Likes