SonarQube and SAML authentication with OneLogin


OneLogin being used by some SonarQube users as an identity provider I write this guide so everybody can have guidance on how to achieve it.

:warning: This guide is set for my own setup, you may need to adjust it to fit your setup/needs.

1. Create an application in OneLogin

I have chosen SAML Test Connector but you can pick another one if you want.

2. Configure general and SAML settings in your Application

The SAML Recicipient URL must be set as the sonar.core.serverBaseURL with oauth2/callback/saml added.

*3. Check the response parameters

The givenName, mail and surname must be set so SonarQube can extract it from the response.

4. Get the Single Sing On informations of your applications

You need to copy the Issuer URL as well as the SAML 2.0 Endpoint and go to View details at certificate level then copy the certificate. (it should starts with -----BEGIN CERTIFICATE-----)

5. Configure SonarQube
Go to Administration > General the setup the sonar.core.serverBaseURL.

6. Setup SAML in SonarQube
Go to Administration > Security > SAML and enable SAML.

Make sure to set the Application ID with the same value as you have set in OneLogin (step 2)
Then set the Provider ID (issuer URL), SAML Login URL and Provider Certificate with the values copied in step 4.

Finally set the attribute that SonarQube has to find in the response.

They must be set as follows,

SAML user email attribute = urn:oid:
SAML user name attribute = urn:oid:
SAML user login attribute = urn:oid:

If you want to use groups, you can add a value to the SAML group attribute to pass group information.

7. Login with SAML

If you receive an error while authenticating with SAML, troubleshooting information should be available in the $SONARQUBE_HOME/logs/web.log file of your instance. The debug logs can bring more information if nothing obvious pops in the INFO logs.

If you run into any trouble or have feedback on this guide, don’t hesitate to create a new post in the Community.

1 Like