Sonarqube SAML gave error: You're not authorized to access this page. Please contact the administrator

I am currently using SonarQube Version 6.7.6 (build 38781) and having a problem configuring SAML.
I did follow the SAML plugin doc here, https://docs.sonarqube.org/display/PLUG/SAML+Authentication+Plugin
However, I got an error when logging in:
You’re not authorized to access this page. Please contact the administrator.

I think it is related to the Assertion Point, which as per the above doc is:
"https://sonarqube.mycompany.com/oauth2/callback/saml"

Appreciate any help on this issue.

Thanks,
Allan

Hi @amargono,

In order to investigate what is happening, could you please:

  • Activate the DEBUG log level
  • Try to authenticate again
  • Check logs generated in web.log

Regards,
Julien Lancelot

Hello,
Here is an excerpt from the debug log.
Appreciate any pointers.

Thanks,

2019.03.27 14:01:25 INFO web[AWm8osMveq5f4nGiAAIN][o.s.s.p.ServerLogging] Level of logs changed to DEBUG

2019.03.27 14:01:25 DEBUG web[AWm8osMveq5f4nGiAAIO][s.n.w.p.h.HttpURLConnection] sun.net.www.MessageHeader@2eaf87bb5 pairs: {GET /systemInfo HTTP/1.1: null}{User-Agent: SonarQube 6.7.6.38781 # 7DF2B8FB-AWmDBDnIVQkoUBmfyRlz Java/1.8.0_201}{Host: 127.0.0.1:63229}{Accept: text/html, image/gif, image/jpeg, *; q=.2, /; q=.2}{Connection: keep-alive}

2019.03.27 14:01:25 DEBUG web[AWm8osMveq5f4nGiAAIO][s.n.w.p.h.HttpURLConnection] sun.net.www.MessageHeader@6f9103da5 pairs: {null: HTTP/1.1 200 OK}{Content-Type: application/x-protobuf}{Date: Wed, 27 Mar 2019 19:01:25 GMT}{Connection: keep-alive}{Content-Length: 7270}

2019.03.27 14:02:34 DEBUG web[AWm8osMveq5f4nGiAAIQ][auth.event] logout success [IP|140.167.162.110|199.176.18.85:19674][login|i859999]

2019.03.27 14:02:38 DEBUG web[AWm8osMveq5f4nGiAAIn][c.o.saml2.Auth] Settings validated

2019.03.27 14:02:38 DEBUG web[AWm8osMveq5f4nGiAAIn][c.o.s.a.AuthnRequest] AuthNRequest --> <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ONELOGIN_963367dd-9700-4ce9-a60c-29e874ee225f" Version="2.0" IssueInstant="2019-03-27T19:02:38Z" Destination="https://accounts400.sap.com/saml2/idp/sso/accounts.sap.com" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://mycompany.com/oauth2/callback/saml"><saml:Issuer>https://mycompany.com</saml:Issuer><samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" AllowCreate="true" /></samlp:AuthnRequest>

2019.03.27 14:02:38 DEBUG web[AWm8osMveq5f4nGiAAIn][c.o.saml2.Auth] AuthNRequest sent to https://accounts400.sap.com/saml2/idp/sso/accounts.sap.com --> fZLLbsIwEEV/JfI+iQkUiBUiUegjEgUEtItuKuMMYNWxU4/Tx983hNLSBawszdzrucfjBHmhSjas3E4v4K0CdN5noTSypjEgldXMcJTINC8AmRNsOXyYsCigrLTGGWEUObFcdnBEsE4aTbxsPCCz6c1kdpdNX+Juu93t5bkf9yj1OwJin3ep8KMY+r0OQBRdbYj3BBZr74DUV9UXIFaQaXRcu7pEW7FP237UW7ViRiPW7j8Tb1zzSM1d49o5VyILQy6EqbTDDqUB8jIQpgj30aNQ5mWIaH4Vxzbx5j+o11LnUm8vU64PImT3q9Xcn8+WK+INj+Qjo7EqwC7BvksBj4vJXzKp3Qes91M3W9XkMrzeTBQKrtSai9cmJ0mT/cGaB7DpWXMSnsqSw6anddpsPDdKii/v1tiCu/MwraDVVGTubxopqzSWIORGQl4zKWU+Rha4gwFxtgLihelh6v8

Hey Allan,

What SAML provider are you using, and… shot in the dark here, are you trying to initiate the login from the Identity/SAML provider or from the SonarQube login screen?

I ask because your URL has “idp” in it, which means it’s the URL meant to be used when initiating a login from the Identity Provider (rather than “sp”, or when it’s initiated from the Service Provider, in this case SonarQube).

Colin

Hi Colin,
I used the Service Provider from SAP, which is my parent company, even though I used a different domain for my SonarQube installation.

Thanks,
Allan

I came across the following link, SAML IDP Initiated Login.
And I did set the login URL like https://sonar.example.com/sessions/init/saml?return_to=%2F.
However I got an error:
The page you were looking for does not exist.

Can anyone help us?

I am dealing with the same error when I use Auth0 for authentication with SAML

:frowning:

Hello Team,
SonarQube with IIS as a proxy server is integrated with SAML for authentication, but I am still getting this issue:
"You’re not authorized to access this page. Please contact the administrator.

Reason: The response was received at http://local url/oauth2/callback/saml instead of AFD domain url/oauth2/callback/saml"
I also followed the SAML post, but the issue still persists.
Any help would be highly appreciated; I have been struggling with this issue for the last 2 days on a prod instance.

Regards
Senthil
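
One way to check the AssertionConsumerServiceURL in a logged AuthnRequest against the public URL users actually reach, the mismatch behind the "received at ... instead of ..." error and visible in the debug log above. This is an added example, not code from the thread, SonarQube or the SAML plugin; the function names, sample request and hostnames are constructed, and the encoded form is assumed to be the standard SAML HTTP-Redirect encoding (raw DEFLATE, then base64).

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

CALLBACK_PATH = "/oauth2/callback/saml"  # callback path quoted in the thread

def decode_redirect_request(encoded):
    """Undo the assumed HTTP-Redirect encoding: base64, then raw DEFLATE."""
    return zlib.decompress(base64.b64decode(encoded), -15).decode("utf-8")

def check_acs(authn_request_xml, public_base_url):
    """List how the request's ACS URL differs from the URL users actually reach."""
    root = ET.fromstring(authn_request_xml)
    acs = root.get("AssertionConsumerServiceURL", "")
    expected = public_base_url.rstrip("/") + CALLBACK_PATH
    got, want = urlsplit(acs), urlsplit(expected)
    problems = []
    if got.scheme != want.scheme:
        problems.append(f"scheme is {got.scheme!r}, expected {want.scheme!r}")
    if got.netloc.lower() != want.netloc.lower():
        problems.append(f"host is {got.netloc!r}, expected {want.netloc!r}")
    if got.path != want.path:
        problems.append(f"path is {got.path!r}, expected {want.path!r}")
    return problems

# Constructed sample: a request built by a server that only knows its local URL.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed" Version="2.0" Destination="https://idp.example.com/sso" '
    'AssertionConsumerServiceURL="http://localhost:9000/oauth2/callback/saml"/>'
)
_deflater = zlib.compressobj(wbits=-15)  # raw DEFLATE, no zlib header
SAMPLE_ENCODED = base64.b64encode(
    _deflater.compress(SAMPLE_XML.encode("utf-8")) + _deflater.flush()
).decode("ascii")

if __name__ == "__main__":
    xml = decode_redirect_request(SAMPLE_ENCODED)
    for problem in check_acs(xml, "https://sonarqube.example.com"):
        print("ACS mismatch:", problem)
```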