-
Bug
-
Resolution: Duplicate
-
Blocker
-
Windows Server 2008 R2, Jenkins installed as a service. Java version for Jenkins is 1.7.0.07-b11 (32 bit).
-
Powered by SuggestiMate
We've set up SVNKit in our Jenkins instance to use JNA to collect credentials for SVN access by setting -Dsvnkit.http.ntlm=jna in jenkins.xml. This has been working perfectly until we tried to upgrade Jenkins to 1.586, when the Jenkins JNA implementation was bumped to jna 4.10. After that, we get an "E200015: No credential to try." error.
The last working version was Jenkins 1.585 and subversion plugin 2.4.5. If I upgrade any of them, we get the error.
- depends on
-
JENKINS-28251 Subversion plugin consistent source of problems - allow native subversion client
-
- Open
-
- duplicates
-
JENKINS-27084 SVN authentication fails using subversion plugin v.2.5
-
- Reopened
-
- is duplicated by
-
JENKINS-26473 SVN cannot authenticate using Negotiate
-
- Resolved
-
[JENKINS-26158] Active Directory authentication for Subversion plugin fails
I'm actually not sure whether or not the Actvie Directory plugin is involved here, as the problem is that the Jenkins server cannot authenticate to the SVN server, for example when doing a checkout.
The problem still persists in all versions of Jenkins since 1.586, including 1.594.
The Subversion plugin is the latest version. And yes, the issue is present in the latest version of the Suvbersion plugin.
The issue may be resolved in later versions of SVNKit; the version used by the Subversion plugin seems quite old.
Removed active-directory-plugin component, as I am pretty sure it has nothing to do with this issue.
I've upgraded to the latest version of the SVN plugin (version 2.5), and enabled the loggin for it, and this is what is printed upon repository connection attempts:
(NOTE: I've replaced a few server name instances and repo paths with placeholders; <serverName> and <path-to-repo>)
jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: DEFAULT: Gnome Keyring disabled jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINEST: NETWORK: Host set on an SSL socket jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINEST: NETWORK: SSL protocols explicitly enabled: [TLSv1, TLSv1.1, TLSv1.2, SSLv3] jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: NETWORK: Connected to https://<serverName>/<path-to-repo> using TLSv1 jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: DEFAULT: socket output stream requested... jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: DEFAULT: socket output stream requested... jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINEST: SENT OPTIONS <path-to-repo> HTTP/1.1 Host: <serverName> User-Agent: SVN/1.8.1 SVNKit/1.8.7 (http://svnkit.com/) r10376_v20141223_2131 Keep-Alive: Connection: TE, Keep-Alive TE: trailers Content-Length: 0 Accept-Encoding: gzip Content-Type: text/xml; charset="utf-8" DAV: http://subversion.tigris.org/xmlns/dav/svn/depth DAV: http://subversion.tigris.org/xmlns/dav/svn/mergeinfo DAV: http://subversion.tigris.org/xmlns/dav/svn/log-revprops jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: DEFAULT: socket output stream requested... jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINEST: READ HTTP/1.1 401 Authorization Required Date: Thu, 08 Jan 2015 07:37:29 GMT Server: Apache WWW-Authenticate: Negotiate WWW-Authenticate: NTLM Content-Length: 401 Keep-Alive: timeout=5, max=2000 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: NETWORK: NEGOTIATE: needsLogin jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: NETWORK: NEGOTIATE: initialize subject jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: NETWORK: No LoginModules configured for com.sun.security.jgss.krb5.initiate javax.security.auth.login.LoginException: No LoginModules configured for com.sun.security.jgss.krb5.initiate at javax.security.auth.login.LoginContext.init(Unknown Source) at javax.security.auth.login.LoginContext.<init>(Unknown Source) at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.initializeSubject(DefaultHTTPNegotiateAuthentication.java:135) at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.needsLogin(DefaultHTTPNegotiateAuthentication.java:240) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPAuthentication.parseAuthParameters(HTTPAuthentication.java:234) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:630) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:375) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:363) at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.performHttpRequest(DAVConnection.java:710) at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.exchangeCapabilities(DAVConnection.java:627) at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.open(DAVConnection.java:102) at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.openConnection(DAVRepository.java:1032) at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.testConnection(DAVRepository.java:94) at hudson.scm.SubversionSCM$DescriptorImpl.checkRepositoryPath(SubversionSCM.java:2282) at hudson.scm.SubversionSCM$ModuleLocation$DescriptorImpl.checkCredentialsId(SubversionSCM.java:3043) at hudson.scm.SubversionSCM$ModuleLocation$DescriptorImpl.doCheckCredentialsId(SubversionSCM.java:3016) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96) at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:121) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876) at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876) at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:96) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:88) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) at org.eclipse.jetty.server.Server.handle(Server.java:370) at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489) at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949) at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011) at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644) at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668) at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source)
It seems like there is a need for a LoginModule to be configured.
I've also tested other types of authentications, namely java:apache and java:jcifs. However, I don't think the execution reaches the actual authentication code.
I've done some more tests using the SVNKit property "svnkit.http.ntlm" of switching between ntlm implementations. I've tested "jna" (which works in jenkins 1.585 and subversion plugin 2.4.5), "java:apache" and "java:jcifs" (both give me the same "no credentials to try" error, regardless of the versions of Jenkins/subersion plugin installed).
I got suspicious on the NEGOTIATE part of the log, and started to investigate a little deeper; I believe the default order of the svnkit.http.methods list (i.e. where NTLM, Basic, Negotiate and igest are specified) must havee changed between svn plugin 2.4.5 and 2.5. When I explicitly set the order to NTLM,Negotiate,Basic,Digest (NTLM before Negotiate) it uses NTLM in the latest verison of svn plugin on jenkins 1.585. This does not, however, fix my issues with "no credential to try" in later versions of Jenkins. I just thought I should put up as much information here as I can find, to aid in the bug hunt.
I found when I enable Basic Authentication only in SVN Server the error about "svn: E170001: Negotiate authentication failed: No valid credentials provided" disappeared, but if I enable both of Integrated Windows Authentication and enable Basic Authentication this error will happen. But I'm not sure why?
I'm having the same issue. My workaround is to use <exec> in ant and call svn directly from commandline. Eg:
<exec executable="svn"> <arg line="checkout --non-interactive --trust-server-cert --username ${svn.user} --password ${svn.psw} ${svn.url} ${param.dep.dest}" /> </exec>
Nevertheless I would love to see this bug fixed.
I could solve a similar problem by setting the following JAVA option on jenkins startup:
-Dsvnkit.http.methods=Basic,Digest,Negotiate,NTLM
schristou, What do you think if we resolve this ticket as duplicated?
This issue is a duplicate of JENKINS-27084 which was fixed in 2.5.1.
What is the relationship to Active Directory Plugin?
Does this issue still occur on Jenkins 1.594?
Which version of the Subversion plugin are you using? Does the issue still occur with the newest release?