SonarQube failed to login with aad-auth plugin 2.0.0

abhilash_pimpalnerka · July 22, 2025, 6:53am

Hi Ann,

I hope you are doing well!

After many days I am replying here, I have reconfigured the Enterprise Application and did the SonarQube SAML configurations again. I am facing the same issue as reported.

Below are the sonarqube_web logs.

2025.07.22 06:29:39 DEBUG web[9732380d-dd95-4c77-8dc3-b9ee4f27abf0][o.a.x.s.u.DigesterOutputStream] <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="xxxxxx-xxxxx-xx-xxxxxxxx-xxxxxxx-xxxxx" IssueInstant="2025-07-22T06:29:38.789Z" Version="2.0"><Issuer>https://sts.windows.net/<xxxxxx-xxxxxx-xxxxxx-xxxxx-xxxxx>/</Issuer><Subject><NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">firstname.lastname@example.com</NameID><SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><SubjectConfirmationData InResponseTo="xxxxxx-xxxxx-xx-xxxxxxxx-xxxxxxx-xxxxx" NotOnOrAfter="2025-07-22T07:29:38.633Z" Recipient="https://sonarqube_server_url/oauth2/callback/saml"></SubjectConfirmationData></SubjectConfirmation></Subject><Conditions NotBefore="2025-07-22T06:24:38.633Z" NotOnOrAfter="2025-07-22T07:29:38.633Z"><AudienceRestriction><Audience>spn:8ddbb22f-7683-4228-be31-cbf8353ffbf7</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid"><AttributeValue>xxxxxx-xxxxx-xx-xxxxxxxx-xxxxxxx-xxxxx</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/identity/claims/objectidentifier"><AttributeValue>xxxxxx-xxxxx-xx-xxxxxxxx-xxxxxxx-xxxxx</AttributeValue></Attribute><Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"><AttributeValue>firstname.lastname@example.com</AttributeValue></Attribute><Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"><AttributeValue>Pimpalnerkar</AttributeValue></Attribute><Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"><AttributeValue>Abhilash</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/identity/claims/displayname"><AttributeValue>Pimpalnerkar, A. (Abhilash)</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/identity/claims/identityprovider"><AttributeValue>https://sts.windows.net/xxxxxx-xxxxx-xx-xxxxxxxx-xxxxxxx-xxxxx/</AttributeValue></Attribute><Attribute Name="http://schemas.microsoft.com/claims/authnmethodsreferences"><AttributeValue>http://schemas.microsoft.com/claims/multipleauthn</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant="2025-07-21T14:28:50.151Z" SessionIndex="xxxxxx-xxxxx-xx-xxxxxxxx-xxxxxxx-xxxxx"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Unspecified</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion>
2025.07.22 06:29:39 DEBUG web[9732380d-dd95-4c77-8dc3-b9ee4f27abf0][o.a.x.s.s.Reference] Verification successful for URI "xxxxxx-xxxxx-xx-xxxxxxxx-xxxxxxx-xxxxx"
2025.07.22 06:29:39 DEBUG web[9732380d-dd95-4c77-8dc3-b9ee4f27abf0][o.a.x.s.s.Manifest] The Reference has Type 
2025.07.22 06:29:39 DEBUG web[9732380d-dd95-4c77-8dc3-b9ee4f27abf0][o.o.x.s.s.i.p.ApacheSantuarioSignatureValidationProviderImpl] Signature validated with key from supplied credential
2025.07.22 06:29:39 DEBUG web[9732380d-dd95-4c77-8dc3-b9ee4f27abf0][o.o.x.s.s.i.BaseSignatureTrustEngine] Signature validation using candidate credential was successful
2025.07.22 06:29:39 DEBUG web[9732380d-dd95-4c77-8dc3-b9ee4f27abf0][o.o.x.s.s.i.BaseSignatureTrustEngine] Successfully verified signature using KeyInfo-derived credential
2025.07.22 06:29:39 DEBUG web[9732380d-dd95-4c77-8dc3-b9ee4f27abf0][o.o.x.s.s.i.BaseSignatureTrustEngine] Attempting to establish trust of KeyInfo-derived credential
2025.07.22 06:29:39 DEBUG web[9732380d-dd95-4c77-8dc3-b9ee4f27abf0][o.o.x.s.s.i.BaseSignatureTrustEngine] Failed to establish trust of KeyInfo-derived credential
2025.07.22 06:29:39 DEBUG web[9732380d-dd95-4c77-8dc3-b9ee4f27abf0][o.o.x.s.s.i.BaseSignatureTrustEngine] Failed to verify signature and/or establish trust using any KeyInfo-derived credentials
2025.07.22 06:29:39 DEBUG web[9732380d-dd95-4c77-8dc3-b9ee4f27abf0][o.o.x.s.s.i.ExplicitKeySignatureTrustEngine] Attempting to verify signature using trusted credentials
2025.07.22 06:29:39 DEBUG web[9732380d-dd95-4c77-8dc3-b9ee4f27abf0][o.o.x.s.s.i.ExplicitKeySignatureTrustEngine] Failed to verify signature using either KeyInfo-derived or directly trusted credentials
2025.07.22 06:29:39 DEBUG web[9732380d-dd95-4c77-8dc3-b9ee4f27abf0][o.o.s.s.a.SAML20AssertionValidator] Evaluating Assertion Issuer of : https://sts.windows.net/xxxxxx-xxxxx-xx-xxxxxxxx-xxxxxxx-xxxxx/
2025.07.22 06:29:39 DEBUG web[9732380d-dd95-4c77-8dc3-b9ee4f27abf0][o.o.s.s.a.SAML20AssertionValidator] Failed to match Issuer to any supplied valid issuers: [xxxxxx-xxxxx-xx-xxxxxxxx-xxxxxxx-xxxxx]

Can you please check and help me to fix this issue.

Regards,
Abhilash

Topic		Replies	Views
SAML authentication with Azure Active Directory on SonarQube 9.2.4 on AKS SonarQube Server / Community Build sonarqube , active_directory , saml	11	1938	October 16, 2023
Setting up SAML Authentication with Azure - "The response was received at http instead of https" SonarQube Server / Community Build authentication , sso , azure	2	893	June 5, 2024
Sonarqube 10.7.0 doesn't support saml authentication SonarQube Server / Community Build bump	4	107	December 10, 2024
Cannot Use Log In with Microsoft After Upgrading from 10-Developer to 2025.1.1-developer SonarQube Server / Community Build sonarqube	1	39	July 30, 2025
Azure AD integration configuration not working SonarQube Server / Community Build azure	25	218	December 5, 2024

SonarQube failed to login with aad-auth plugin 2.0.0

Related topics