Hi,
I am using SAML authentication with MS Entra as the IdP in my SonarQube Server instance. Because the SAML Signing Certificate in Entra has a limited lifespan, I have to renew it from time to time and update the certificate in the SonarQube configuration. The problem is that as soon as you activate a new certificate in Entra, the old one is inactive and logins will fail until you update the server config.
As an alternative, many applications support configuring the App Federation Metadata Url instead, where all necessary configuration (including the certificates) can be retrieved from. I would like to propose adding this feature to SonarQube Server as well to improve availability and ease operations.
Best regards,
Sebastian
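
As an added illustration of the metadata-based approach proposed above (not part of the original post and not SonarQube code), this sketch reads the signing certificates from a SAML 2.0 metadata document and checks whether a statically pinned certificate is still published. The metadata document, the certificate placeholders and all function names are constructed for the example.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholders standing in for base64 DER certificates.
OLD_CERT = base64.b64encode(b"constructed-old-signing-cert").decode()
NEW_CERT = base64.b64encode(b"constructed-new-signing-cert").decode()
ENC_CERT = base64.b64encode(b"constructed-encryption-cert").decode()

def _key(use, cert):
    return (f'<md:KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data>'
            f"<ds:X509Certificate>{cert}</ds:X509Certificate>"
            "</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>")

# Constructed metadata document (not fetched from any real IdP).
SAMPLE_METADATA = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" '
    'entityID="https://idp.example/constructed">'
    '<md:IDPSSODescriptor protocolSupportEnumeration='
    '"urn:oasis:names:tc:SAML:2.0:protocol">'
    + _key("signing", OLD_CERT) + _key("signing", NEW_CERT)
    + _key("encryption", ENC_CERT)
    + '<md:SingleSignOnService Location="https://idp.example/sso" '
    'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>'
    "</md:IDPSSODescriptor></md:EntityDescriptor>")

def fingerprint(cert_b64):
    """SHA-256 over the decoded certificate bytes, ignoring whitespace."""
    return hashlib.sha256(base64.b64decode("".join(cert_b64.split()))).hexdigest()

def parse_idp_metadata(xml_text):
    """Return entity ID, SSO endpoints and signing-certificate fingerprints."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    prints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without "use" applies to signing and encryption.
        if kd.get("use") in (None, "signing"):
            prints += [fingerprint(c.text) for c in kd.iterfind(".//ds:X509Certificate", NS)]
    return {"entity_id": root.get("entityID"),
            "sso_urls": [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)],
            "signing_fingerprints": prints}

def pinned_cert_is_current(pinned_cert_b64, xml_text):
    """True while the statically configured certificate is still published."""
    return fingerprint(pinned_cert_b64) in parse_idp_metadata(xml_text)["signing_fingerprints"]
```

A service provider that trusts metadata this way is anchoring trust in the metadata source, so the document should only be accepted from the configured URL over validated TLS and parsed with external entities disabled.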