configuring SonarQube SAML with Authentik as IDP

A small guide on how to configure authentik and SonarQube for SAML to work properly.


I had some issues during the configuration, so here is how it works:

Head to your authentik instance and create a new Certificate via System -> Certificates -> Generate (or upload if you have one you want to use).

  • Set the name and validity
    • Remember that you might need to roll the certificate once it expires.
    • Download the certificate after generation by opening the accordion and clicking the "Download Certificate" Button

Inside authentik head to Applications -> Providers and create a new Provider.

The Name can be whatever you want it to be.

The Protocol settings need to be the following:

  • ACS URL: https://YOUR.SONAR.INSTANCE/oauth2/callback/saml
    • callback/saml could also be a different identifier; this depends on what you will configure inside Sonarqube
  • Issuer: yourissuer
    • This is important and you will need to specify this one in Sonarqube later
  • Service Provider Binding: Post

For the Advanced protocol settings you need the following:

  • Signing Certificate
    • Here you need to pick the certificate you generated earlier

Save your provider. Create an application and assign your provider.

Now head to Sonarqube.

Using the default admin account, navigate to Administration -> General

  • Configure inside General -> General -> Server base URL
    • This is important!

Head to Administration -> Authentication -> SAML

Create a new configuration with the following:

  • Application ID can be whatever you want
  • Provider Name is important and is referred to by the ACS URL parameter above!
  • Provider Id needs to be the same as the Issuer or EntityId in authentik
  • SAML Login URL needs to be
    • https://YOUR.AUTHENTIK.INSTANCE/application/saml/YOUR_AUTHENTIK_APPLICATION_SLUG/sso/binding/redirect/
  • Identity Provider Certificate needs to be the content from the certificate file you downloaded in authentik before
  • SAML User Login Attribute is
    • http://schemas.goauthentik.io/2021/02/saml/uid
  • SAML User Name Attribute is
    • http://schemas.goauthentik.io/2021/02/saml/username
  • SAML User Email Attribute is (optional)
    • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
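Most failed logins with this setup come down to a mismatch between what authentik puts in the SAML response and what SonarQube expects: the Issuer not matching the Provider Id, the Destination not matching the ACS URL, or an attribute name that differs from the ones configured above. The script below is an added example (not part of this guide, and not SonarQube or authentik code) that checks a decoded SAML response against those three settings using only the Python standard library. The response XML, issuer and SonarQube hostname in it are constructed placeholders. It does not verify the XML signature; that remains SonarQube's job, so this is a configuration sanity check, not a replacement for validation.

```python
"""Compare a decoded SAML response with the values configured in SonarQube.

Added example, not code from the guide, SonarQube or authentik. Standard
library only. SAMPLE_RESPONSE is a constructed sample: a real response is
base64-encoded in the SAMLResponse form field and carries an XML signature,
which this script deliberately does not verify.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Attribute names the guide configures in SonarQube. Email is optional there.
SONAR_ATTRIBUTES = {
    "login": "http://schemas.goauthentik.io/2021/02/saml/uid",
    "name": "http://schemas.goauthentik.io/2021/02/saml/username",
    "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
}
OPTIONAL_ATTRIBUTES = {"email"}

# Constructed sample; "yourissuer" and sonar.example.invalid are placeholders.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://sonar.example.invalid/oauth2/callback/saml">
  <saml:Issuer>yourissuer</saml:Issuer>
  <saml:Assertion>
    <saml:Issuer>yourissuer</saml:Issuer>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.goauthentik.io/2021/02/saml/uid">
        <saml:AttributeValue>42</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.goauthentik.io/2021/02/saml/username">
        <saml:AttributeValue>jdoe</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def parse_attributes(response_xml: str) -> dict:
    """Map each SAML attribute Name to its list of values."""
    root = ET.fromstring(response_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    return attrs


def check_response(response_xml: str, provider_id: str, acs_url: str,
                   attributes: dict = SONAR_ATTRIBUTES) -> list:
    """Return human-readable findings; an empty list means the response
    matches the SonarQube Provider Id, ACS URL and attribute mapping."""
    root = ET.fromstring(response_xml)
    findings = []

    # SonarQube's "Provider Id" must equal the Issuer sent by authentik.
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS)
    if issuer != provider_id:
        findings.append(f"Issuer {issuer!r} != SonarQube Provider Id {provider_id!r}")

    # Destination must be the ACS URL configured on the authentik provider,
    # which in turn depends on SonarQube's Server base URL.
    destination = root.get("Destination")
    if destination != acs_url:
        findings.append(f"Destination {destination!r} != ACS URL {acs_url!r}")

    # Every required attribute must be present with a non-empty value.
    attrs = parse_attributes(response_xml)
    for role, name in attributes.items():
        if role in OPTIONAL_ATTRIBUTES:
            continue
        if not any(attrs.get(name, [])):
            findings.append(f"missing or empty {role} attribute {name}")
    return findings


if __name__ == "__main__":
    problems = check_response(SAMPLE_RESPONSE, "yourissuer",
                              "https://sonar.example.invalid/oauth2/callback/saml")
    print("OK" if not problems else "\n".join(problems))
```

To use it on a real login, take the SAMLResponse value from the POST to the ACS URL (the browser's network tab or the DEBUG web log), base64-decode it, and pass the XML together with the Provider Id and Server base URL you entered in SonarQube. Any finding points at the exact setting that differs between the two sides.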

Troubleshooting Tip

You can set the Environment Variable

SONAR_LOG_LEVEL_WEB=DEBUG

and you will get detailed logs about what might have gone wrong during authentication.

Remember to remove this once you are done since it does impact performance.