SonarQube to Azure AD is failing with 401 error in logs

Question

I have nginx-->SonarQube. nginx is able to forward requests successfully. We want to integrate Authentication with Azure AD. We followed instructions from here: https://www.emtec.digital/think-hub/blogs/sonarqube-integration-azure-active-directory/

So when I access https://mycompany.com, I get login page which has "Login with Microsoft" and More options(you can login with local user). When I enter username and password for Microsoft , we see that Azure AD is returning the token, but SonarQube rejects after that. I see that in the sonarqube access log

"GET /api/navigation/global HTTP/1.1" 401 - "https://mycompany.com/sonar/oauth2/callback/aad?co

So it goes back to login page again. Not sure what I am doing wrong.

Answer 1

Please check with below points:

1. Try upgrading sonarqube to the latest version.
2. The redirect URL should be configured with a correct URL, e.g. https:// sonarqube.example.com/oauth2/callback/aad. Here /oauth2/callback/aad is a must in addition to the application URL. For example, if your main URL is "https://sonarqube.example.com" in sonar server base url , you would enter "https://sonarqube.example.com/oauth2/callback/aad" as redirect url in aad.
3. Make sure the user has required role or permissions to access . Set the required permissions in portal and grant consent if required i) Sign in and read user profile ii) Read all users’ basic profiles
4. Also please check http redirection - Stack Overflow reference .The redirect URL must have a https or loopback address, else the Azure AD login will not work. Try clearing the cookies and Restart after any changes made

Referencs:

1. sonar-auth-aad (github)
2. running-sonarqube-behind-an-iis-reversed-proxy
3. docs.sonarqube.org