When calling the APIs requiring authentication, it still returns a 401 failure. I have tried to use both admin:admin as well as issuing a user token for admin and sending:
When I try the /authentication/validate method - it returns false.
Logs show an issue with JWT and CSFR:
2019.09.04 19:53:46 DEBUG web[AWz9tweGt3amXgFsAAFZ][auth.event] login failure [cause|Wrong CSFR in request][method|JWT][provider|LOCAL|local][IP|10.75.12.1|10.128.132.20][login|admin]
When you perform a cURL request, you can only pass a local user account, not a SAML account. You mention admin:admin; are you sure this is the correct username and password? It should work. For instance, this works with a brand new SQ instance:
You can use user tokens for this. We have AD Service Accounts used for API integration. We pass in a token created for the user account rather than the strict user:password pair. This seems to work for us.
I should note we have 2 URLs for Sonarqube: Sonarqube and SonarqubeDirect. The former is SSO, the latter is unprotected. Duh. I should have stated that up front. If you go to a protected URL you have to have credentials in session. If you’re not working in a browser you don’t have that. It’s difficult at best to contact any SSO URL via scripting. You need a secondary access point that is unprotected.
Two F5 load balancer entries. The first is SAML protected, the second is not. The first only works for Web UI users. The second requires authentication via a Sonarqube token. Both point to the Sonarqube server:port.
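Added example, not part of the thread: a small Python parser for the `auth.event` log format quoted above, which groups login failures by the authentication method and cause the server recorded. The function names are hypothetical, and every sample line after the first is constructed for illustration.

```python
import re
from collections import Counter

# First line is the one quoted in the thread; the other two are constructed.
SAMPLE_LOG = """\
2019.09.04 19:53:46 DEBUG web[AWz9tweGt3amXgFsAAFZ][auth.event] login failure [cause|Wrong CSFR in request][method|JWT][provider|LOCAL|local][IP|10.75.12.1|10.128.132.20][login|admin]
2019.09.04 19:54:02 DEBUG web[AWz9tweGt3amXgFsAAFa][auth.event] login failure [cause|Wrong CSFR in request][method|JWT][provider|LOCAL|local][IP|10.75.12.1|10.128.132.20][login|admin]
2019.09.04 19:55:10 INFO  web[AWz9tweGt3amXgFsAAFb][example.logger] unrelated line
"""

# Timestamp, level, web[<request id>], then the auth.event marker and outcome.
HEADER = re.compile(
    r"^(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2})\s+\w+\s+web\[[^\]]*\]"
    r"\[auth\.event\] login (?P<outcome>\w+) (?P<fields>\[.*\])\s*$")
# Each field is [key|value] or [key|value1|value2].
FIELD = re.compile(r"\[([^\]|]+)\|([^\]]*)\]")


def parse_auth_event(line):
    """Return a dict for an auth.event line, or None for any other line."""
    m = HEADER.match(line)
    if not m:
        return None
    event = {"ts": m["ts"], "outcome": m["outcome"]}
    for key, value in FIELD.findall(m["fields"]):
        parts = value.split("|")
        # Multi-valued fields (provider, IP) stay as lists.
        event[key.lower()] = parts if len(parts) > 1 else parts[0]
    return event


def summarize_failures(text):
    """Count login failures per (method, cause, login)."""
    counts = Counter()
    for line in text.splitlines():
        ev = parse_auth_event(line)
        if ev and ev["outcome"] == "failure":
            counts[(ev.get("method"), ev.get("cause"), ev.get("login"))] += 1
    return counts


if __name__ == "__main__":
    for (method, cause, login), n in summarize_failures(SAMPLE_LOG).items():
        print(f"{n}x method={method} login={login} cause={cause}")
```

Grouping on the `method` field shows which authentication path the server attributed each failed request to, which is the first thing to check when a scripted call returns 401.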