Azure AD integration with sonarqube

Question

I am running sonarqube on https by using nginx reverse proxy.

This is my nginx reverse proxy config.


server{
   server_name sonarqube.mydomain.co.in;
    access_log  /var/log/nginx/sonar.access.log;
    error_log   /var/log/nginx/sonar.error.log;
    proxy_buffers 16 64k;
    proxy_buffer_size 128k;

    location / {
        proxy_pass  http://127.0.0.1:9000;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_set_header    Host            $host;
        proxy_set_header    X-Real-IP       $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto http;
        proxy_set_header X-Forwarded-Proto https;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/sonarqube.mydomain.co.in/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/sonarqube.mydomain.co.in/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server{
    if ($host = sonarqube.mydomain.co.in) {
        return 301 https://$host$request_uri;
    } # managed by Certbot



    listen      80;
   server_name sonarqube.mydomain.co.in;
    return 404; # managed by Certbot


}

I have added sonarqube from the gallery in Azure AD. After that I selected SAML in my AZURE SSO.In my reply url I have configured https://sonarqube.mydomain.co.in/oauth2/callback/saml and in my signin url https://sonarqube.mydomain.co.in. I have configured the relative fields from azure AD to my sonarqube plugin.

Now when I try to login through SAML in my sonarqube I get this error

You're not authorized to access this page. Please contact the administrator.

Reason: The response was received at http://sonarqube.mydomain.co.in/oauth2/callback/saml instead of https://sonarqube.mydomain.co.in/oauth2/callback/saml

Is this because of my nginx reverse proxy config? How can I fix this? Any help would be appreciated

we solved that which http response header(X-Forwarded-Proto) rewrite: http -> https — Aleksei Kurepin, Jun 30 '23 at 11:53

score 2 · Accepted Answer · answered Nov 18 '21 at 12:06

• According to the sonarqube documentation for configuring reverse proxy, it should be configured to set the value ‘X_FORWARDED_PROTO: https’ in each http request header. Without this property, redirection initiated by the SonarQube server will fall back on HTTP. In your code, you have incorrectly specified to redirect the requests from HTTP to HTTPS. You have not specified any location under ‘location’ parameter to return to under the ‘server’ class. The correct script format should be as below: -

     ‘ server {
       listen 80;
       server_name sonarqube.mydomain.co.in;
       if ($host = sonarqube.mydomain.co.in)
       location /
       return 301 https://$host$request_uri;
     }
   } ‘

Also, please remove the ‘proxy_redirect off’ parameter passed in your code which holds back the redirection requests through the nginx proxy and remove the ‘proxy_set_header X-Forwarded-Proto http’ parameter also. And instead of ‘proxy_set_header X-Forwarded-Proto https’, you can pass a variable like ‘$redirect’ and define the variable as below to ensure all requests reach on HTTPS port: -

if ($scheme != "https") {
 return 301 https://$host$request_uri permanent;
 }

score 0 · Answer 2 · answered Jan 11 '23 at 07:11

0

Reverse proxy configuration isn't needed. Server base URL needs to be configured properly.

https://stackoverflow.com/a/75078571/4069872

answered Jan 11 '23 at 07:11

Karl Casas

805
9
9

Azure AD integration with sonarqube

2 Answers2

Linked