SQ Version 8.8
I configured Sonarqube behind proxy with https proxy on port 9443 not 443 (see below)
The successful saml authentication flows to https://my.host.com:9443/oauth2/callback/saml.
But sonarqube returns error:
You’re not authorized to access this page. Please contact the administrator.
Reason: The response was received at https://my.host.com/oauth2/callback/saml instead of https://my.host.com:9443/oauth2/callback/saml
The code check of the Identify Provider does not show any handling of proxy port information:
Steps to reproduce:
- Configure Sonarqube on port 9000
- Configure https Nginx Proxy on 9443 (see nginx config below)
- Confgure Sonarqube server base url to https://my.host.com:9443
- Configure Saml authentication
Expected Result: Saml works
Actual Result: SQ Saml does not respect the provided proxy port X-Forwarded-Port and assume 443 port
server {
# listen 443 ssl spdy;
listen 443 ssl http2;
# listen [::]:443 ssl spdy;
listen [::]:443 ssl http2;
server_name localhost;
ssl_certificate /etc/nginx/certs/localhost.crt;
ssl_certificate_key /etc/nginx/certs/private.key;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-Proto $scheme;
location / {
proxy_pass http://sonar-data:9000;
# Proxy headers
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
}