SonarQube failed to login with aad-auth plugin 2.0.0

SonarQube Server / Community Build
1

Must-share information (formatted with Markdown):

  • Hi,
    I am using SonarQube Developer Editon which is deployed on Azure AKS. Today I have upgraded the version from 10.6 to 2025.1.0 with plugin sonar-auth-aad version 2.0.0. Refered from: GitHub - hkamel/sonar-auth-aad: Azure Active Directory Authentication for SonarQube
  • how is SonarQube deployed: It is deployed using helm.
  • what are you trying to achieve:
    I am trying to login with my Azure Active Directory user using sonar-auth-aad plugin to SonarQube server
  • what have you tried so far to achieve this:
    I tried to restart the server. Also by changing the plugin version still it is not working. Getting this error when I click on Login with Microsoft button on login screen.
    image
    image547×693 19 KB
2

Hi,

We don’t offer or support that plugin. You would need to contact its maintainers about its functionality.

Alternately, and the course we recommend, you could switch to using SAML.

 
HTH,
Ann

3

Hello team,
For login purposes, SAML works fine, but it does not support group synchronization since our sonarserves is not hosted over internet it is only accessible inside corporate network. Is there any other possible way for the provisioning the group synchronization to happen?

Thank you.

4

Hi @Shivashree,

Welcome to the community!

We have multiple built-in methods of authentication. All of them support group synchronization.

 
HTH,
Ann

5

Hi Ann,

I have configured the SAML authentication as per the steps given in SonarQube Documentation. I am getting below error while testing the connection.

image
image821×293 11.9 KB

Please help me with this.

6

Hi @abhilash_pimpalnerka,

What do your server logs say?

 
Ann

7 
2025.05.19 07:32:59 WARN  web[b9****-***-****-****-******][o.s.s.a.AuthenticationError] Fail to callback authentication with 'saml'
org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException: Invalid signature for object [_c0****-***-****-****-******]
	at org.springframework.security.saml2.provider.service.authentication.BaseOpenSamlAuthenticationProvider.createAuthenticationException(BaseOpenSamlAuthenticationProvider.java:488)
	at org.springframework.security.saml2.provider.service.authentication.BaseOpenSamlAuthenticationProvider.process(BaseOpenSamlAuthenticationProvider.java:358)
	at org.springframework.security.saml2.provider.service.authentication.BaseOpenSamlAuthenticationProvider.authenticate(BaseOpenSamlAuthenticationProvider.java:280)
	at org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider.authenticate(OpenSaml4AuthenticationProvider.java:352)
	at org.sonar.auth.saml.SamlResponseAuthenticator.authenticate(SamlResponseAuthenticator.java:46)
	at org.sonar.auth.saml.SamlAuthenticator.onCallback(SamlAuthenticator.java:69)
	at org.sonar.auth.saml.SamlIdentityProvider.callback(SamlIdentityProvider.java:81)
	at org.sonar.server.authentication.OAuth2CallbackFilter.handleOAuth2Provider(OAuth2CallbackFilter.java:87)
	at org.sonar.server.authentication.OAuth2CallbackFilter.handleProvider(OAuth2CallbackFilter.java:70)
	at org.sonar.server.authentication.OAuth2CallbackFilter.doFilter(OAuth2CallbackFilter.java:63)
	at org.sonar.server.platform.web.MasterServletFilter$JavaxFilterAdapter.doFilter(MasterServletFilter.java:194)
	at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:165)
	at org.sonar.server.platform.web.MasterServletFilter$HttpFilterChainAdapter.doFilter(MasterServletFilter.java:208)
	at org.sonar.server.authentication.SamlValidationRedirectionFilter.doFilter(SamlValidationRedirectionFilter.java:94)
	at org.sonar.server.platform.web.MasterServletFilter$JavaxFilterAdapter.doFilter(MasterServletFilter.java:194)
	at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:165)
	at org.sonar.server.platform.web.MasterServletFilter$HttpFilterChainAdapter.doFilter(MasterServletFilter.java:208)
	at org.sonar.server.authentication.DefaultAdminCredentialsVerifierFilter.doFilter(DefaultAdminCredentialsVerifierFilter.java:83)
	at org.sonar.server.platform.web.MasterServletFilter$JavaxFilterAdapter.doFilter(MasterServletFilter.java:194)
	at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:165)
	at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:126)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
	at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:83)
	at org.sonar.server.platform.web.UserSessionFilter.doFilter(UserSessionFilter.java:70)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
	at org.sonar.server.platform.web.CspFilter.doFilter(CspFilter.java:67)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
	at org.sonar.server.platform.web.CacheControlFilter.doFilter(CacheControlFilter.java:76)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
	at org.sonar.server.platform.web.SecurityServletFilter.doHttpFilter(SecurityServletFilter.java:60)
	at org.sonar.server.platform.web.SecurityServletFilter.doFilter(SecurityServletFilter.java:47)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
	at org.sonar.server.platform.web.RedirectFilter.doFilter(RedirectFilter.java:56)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
	at org.sonar.server.platform.web.EndpointPathFilter.doFilter(EndpointPathFilter.java:47)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
	at org.sonar.server.platform.web.RequestIdFilter.doFilter(RequestIdFilter.java:66)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
	at org.sonar.server.platform.web.RootFilter.doFilter(RootFilter.java:65)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
	at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:115)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:164)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:140)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:483)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115)
	at ch.qos.logback.access.tomcat.LogbackValve.invoke(LogbackValve.java:268)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:397)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:905)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1741)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1190)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)
	at java.base/java.lang.Thread.run(Unknown Source)
2025.05.19 07:33:21 ERROR web[b84f8046-97b2-4374-980b-0a48073693f6][c.s.f.s.api.r.b] The license is not valid
2025.05.19 07:33:22 INFO  web[7582636c-be84-4cd0-86e5-547b26907eb5][o.s.u.c.UpdateCenter] The plugin 'abap' version : 3.15.1.6010 has not been found on the update center.
2025.05.19 07:33:22 INFO  web[7582636c-be84-4cd0-86e5-547b26907eb5][o.s.u.c.UpdateCenter] The plugin 'architecture' version : 1.6.1.3772 has not been found on the update center.
2025.05.19 07:33:22 INFO  web[7582636c-be84-4cd0-86e5-547b26907eb5][o.s.u.c.UpdateCenter] The plugin 'architecturejavafrontend' version : 1.6.1.3772 has not been found on the update center.
8

Hi,

This error isn’t coming from us. From what I can tell from Googling, this is a problem with your configuration.

 
HTH,
Ann

9

I have configured by following this Configuring SAML with Entra ID | SonarQube Server Documentation

And the app registration is also correct. I have checked with our AD team as well. Is there anything I missed to configure? Please let me know how can I check?

10

Hi,

I suggest you double-check your configuration values.

 
HTH,
Ann