Support for SAML App Federation Metadata

Hi,

I am using SAML authentication with MS Entra as the IdP in my SonarQube Server instance. Because the SAML Signing Certificate in Entra has a limited lifespan, I have to renew it from time to time and update the certificate in the SonarQube configuration. The problem is that as soon as you activate a new certificate in Entra, the old one is inactive and logins will fail until you update the server config.

As an alternative, many applications support configuring the App Federation Metadata Url instead, where all necessary configuration (including the certificates) can be retrieved from. I would like to propose adding this feature to SonarQube Server as well to improve availability and ease operations.

Best regards,

Sebastian

1 Like
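An added example, not part of the original posts and not SonarQube or Entra code: until the server can consume a metadata URL itself, an operator can compare the certificate configured on the server with the signing certificates listed in the IdP's federation metadata and catch a rollover before logins fail. The metadata document, entity ID and certificate blobs below are constructed placeholders, and all function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(cert_text):
    """SHA-256 of the decoded certificate; PEM armor and line breaks are ignored."""
    lines = (line.strip() for line in cert_text.splitlines())
    body = "".join(line for line in lines if not line.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body, validate=True)).hexdigest()

def idp_signing_fingerprints(metadata_xml):
    """Fingerprints of every signing certificate the IdP publishes."""
    # Metadata decides which keys are trusted: fetch it only over HTTPS from the
    # IdP's own URL, and refuse DTDs before handing the text to the XML parser.
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("metadata containing a DTD is rejected")
    root = ET.fromstring(metadata_xml)
    found = set()
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no 'use' covers signing too
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            found.add(fingerprint(cert.text or ""))
    return found

def rollover_status(metadata_xml, configured_pem):
    """Compare the certificate configured on the SP with what the IdP publishes."""
    published = idp_signing_fingerprints(metadata_xml)
    if fingerprint(configured_pem) not in published:
        return "stale"             # SP trusts a certificate the IdP no longer lists
    if len(published) > 1:
        return "rollover-pending"  # an additional signing certificate has appeared
    return "current"

# Constructed sample data: placeholder blobs, not real X.509 certificates.
CERT_A = base64.b64encode(b"constructed placeholder certificate A").decode()
CERT_B = base64.b64encode(b"constructed placeholder certificate B").decode()

def sample_metadata(*certs):
    keys = "".join(
        f'<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
        f"<ds:X509Certificate>{c}</ds:X509Certificate>"
        f"</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>" for c in certs)
    return (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" '
            f'entityID="https://idp.example/placeholder"><md:IDPSSODescriptor '
            f'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            f"{keys}</md:IDPSSODescriptor></md:EntityDescriptor>")
```

Run on a schedule against the real metadata document, a result other than `current` is the signal to update the server configuration.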

Hello @seschi98,
Thanks for sharing such clear context, that makes a lot of sense.
I have noted your request to support metadata URL for SAML configuration in SonarQube Server.
Just to share in case you find it interesting, metadata URL is available for SSO configuration on SonarQube Cloud.

Hey,

Thank you very much! That is very interesting. Unfortunately we are currently not able to use the Cloud version, but since the feature already is implemented there it is maybe possible to also add it to the SonarQube Server version.

Best regards,

Sebastian

1 Like