
Error authenticating to SonarQube using SAML Okta


I’m using SonarQube version 10.2.1-community deployed via Helm chart. I’m trying to authenticate using SAML Okta. The application used to work fine with LDAP until I integrated it with Okta (SAML). I am getting an error when authenticating users:

You’re not authorized to access this page. Please contact the administrator.

And in the pod logs I have mainly these errors:

Caused by: java.io.IOException: java.lang.IllegalArgumentException: Illegal base64 character 24
 at java.base/sun.security.provider.X509Factory.readOneBlock(Unknown Source)
Caused by: java.lang.IllegalArgumentException: Illegal base64 character 24
 at java.base/java.util.Base64$Decoder.decode0(Unknown Source)
 at java.base/java.util.Base64$Decoder.decode(Unknown Source)
ERROR web[AY3pZ3AlPh7rVGVQAAo/][c.o.s.s.Saml2Settings] idp_cert_or_fingerprint_not_found_and_required
ERROR web[AY3pZ3AlPh7rVGVQAAo/][c.o.saml2.Auth] Invalid settings: idp_cert_or_fingerprint_not_found_and_required
WARN web[AY3pZ3AlPh7rVGVQAApA][o.s.s.a.AuthenticationError] CSRF state value is invalid

In the SonarQube configuration for the Identity provider certificate I used the certificate generated during the creation of the Okta application. It looks like the Java class is having an issue with the format of the certificate.

Please note that I followed the exact same steps provided here for the creation of the Okta application.

Thank you.


Solution

  • To everyone who is running into this issue deploying SonarQube community using the Helm chart: the issue was never solved by passing the certificate value to the Helm chart, but it was solved when I set up the configuration through the console.

    SOLUTION: unlike what was told by the SonarQube community manager when I posted this issue, when using the certificate you should not include the header and the footer (BEGIN CERTIFICATE, and END CERTIFICATE); use what exists in between and it should work!
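A pre-flight check for the certificate value, as an added example that is not part of the original post or of SonarQube's code: it strips the BEGIN/END CERTIFICATE lines as the answer describes, then reports the first non-base64 character in the same hexadecimal form as the Java message in the logs (where 24 is the code for `$`). The function names and the sample data are assumptions made for this illustration; the sample is constructed placeholder bytes, not a real certificate.

```python
import base64
import re

B64_ALPHABET = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=")
PEM_LINE = re.compile(r"-----(BEGIN|END) CERTIFICATE-----")

def strip_pem_armor(value):
    """Drop the BEGIN/END CERTIFICATE lines and all whitespace, keeping the base64 body."""
    return "".join(PEM_LINE.sub("", value).split())

def first_illegal_char(body):
    """Return (offset, hex code) of the first non-base64 character, or None.
    The hex code is the number Java prints in 'Illegal base64 character NN'."""
    for offset, ch in enumerate(body):
        if ch not in B64_ALPHABET:
            return offset, format(ord(ch), "x")
    return None

def check_idp_certificate(value):
    """Validate a certificate setting; return the header-less body and any problems."""
    body = strip_pem_armor(value)
    problems = []
    bad = first_illegal_char(body)
    if bad:
        problems.append(f"illegal base64 character {bad[1]} at offset {bad[0]}")
    else:
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError as exc:  # binascii.Error: wrong padding or length
            problems.append(f"base64 decode failed: {exc}")
        else:
            # A DER-encoded X.509 certificate is an ASN.1 SEQUENCE (tag 0x30).
            if not der.startswith(b"\x30"):
                problems.append("decoded bytes do not start with an ASN.1 SEQUENCE tag (0x30)")
    return {"body": body, "problems": problems}

# Constructed sample: 96 placeholder bytes shaped like DER, NOT a real certificate.
FAKE_DER = b"\x30\x5e" + bytes(range(94))
FAKE_B64 = base64.b64encode(FAKE_DER).decode()
FAKE_PEM = ("-----BEGIN CERTIFICATE-----\n"
            + "\n".join(FAKE_B64[i:i + 64] for i in range(0, len(FAKE_B64), 64))
            + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    samples = [("PEM with header/footer", FAKE_PEM),
               ("value with a stray '$'", FAKE_B64[:10] + "$" + FAKE_B64[10:])]
    for label, value in samples:
        result = check_idp_certificate(value)
        print(label, "->", result["problems"] or "ok", "| body length:", len(result["body"]))
```

The `body` field of the result is the single-line value without header and footer, which is the form the answer reports as working.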