SSO OAUTHSTATE issue

Version: Sonarqube-developer 7.9.1
Issue: Okta SSO works but after signing into the app we see the following error. Is this a known issue, and are there any known workarounds?

Workaround: Clicking “Home”, “Login”, “Log in with SAML” allows the login.

“You’re not authorized to access this page. Please contact the administrator.
Reason: Cookie ‘OAUTHSTATE’ is missing”

Hi @mleisenr82 and welcome to this forum!

In order to investigate your issue, could you please:

  • Activate the DEBUG log level (Administration -> System -> Set Logs level to DEBUG)
  • Try to authenticate
  • Check the logs/web.logs file, search for any ERROR and WARN lines, and report them here.

Regards,
Julien Lancelot

Hey Julien!

The only logs I currently have for ERROR/WARN:
-bash-4.2$ cat web.log | grep WARN
2019.09.16 12:00:52 WARN web[o.s.s.a.LogOAuthWarning] For security reasons, OAuth authentication should use HTTPS. You should set the property ‘Administration > Configuration > Server base URL’ to a HTTPS URL.
2019.09.16 12:00:52 WARN web[o.s.a.s.w.WebService$Action] The response example is not set on action api/plugins/download
2019.09.16 12:00:52 WARN web[o.s.a.s.w.WebService$Action] The response example is not set on action api/permissions/search_templates
2019.09.16 12:00:52 WARN web[o.s.a.s.w.WebService$Action] The response example is not set on action api/support/info
2019.09.16 15:03:30 WARN web[o.s.s.a.LogOAuthWarning] For security reasons, OAuth authentication should use HTTPS. You should set the property ‘Administration > Configuration > Server base URL’ to a HTTPS URL.
2019.09.16 15:03:31 WARN web[o.s.a.s.w.WebService$Action] The response example is not set on action api/plugins/download
2019.09.16 15:03:31 WARN web[o.s.a.s.w.WebService$Action] The response example is not set on action api/permissions/search_templates
2019.09.16 15:03:31 WARN web[o.s.a.s.w.WebService$Action] The response example is not set on action api/support/info

Just some background. We installed this within AWS. It’s currently sitting behind a load balancer that does the SSL offloading to the instance. User -> ELB (HTTPS via 9000) -> SonarQube (9000).

It seems my issue is very similar to the following link since the login is initiated from Okta. That being said, is there a workaround for this?

I’m sorry, I’m not aware of any workaround for this issue with Okta…