Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-26158

Active Directory authentication for Subversion plugin fails

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Blocker Blocker
    • subversion-plugin
    • Windows Server 2008 R2, Jenkins installed as a service. Java version for Jenkins is 1.7.0.07-b11 (32 bit).

      We've set up SVNKit in our Jenkins instance to use JNA to collect credentials for SVN access by setting -Dsvnkit.http.ntlm=jna in jenkins.xml. This has been working perfectly until we tried to upgrade Jenkins to 1.586, when the Jenkins JNA implementation was bumped to jna 4.10. After that, we get an "E200015: No credential to try." error.
      The last working version was Jenkins 1.585 and subversion plugin 2.4.5. If I upgrade any of them, we get the error.

          [JENKINS-26158] Active Directory authentication for Subversion plugin fails

          Daniel Beck added a comment -

          What is the relationship to Active Directory Plugin?

          Does this issue still occur on Jenkins 1.594?

          Which version of the Subversion plugin are you using? Does the issue still occur with the newest release?

          Daniel Beck added a comment - What is the relationship to Active Directory Plugin? Does this issue still occur on Jenkins 1.594? Which version of the Subversion plugin are you using? Does the issue still occur with the newest release?

          Björn Olsson added a comment -

          I'm actually not sure whether or not the Actvie Directory plugin is involved here, as the problem is that the Jenkins server cannot authenticate to the SVN server, for example when doing a checkout.
          The problem still persists in all versions of Jenkins since 1.586, including 1.594.
          The Subversion plugin is the latest version. And yes, the issue is present in the latest version of the Suvbersion plugin.
          The issue may be resolved in later versions of SVNKit; the version used by the Subversion plugin seems quite old.

          Björn Olsson added a comment - I'm actually not sure whether or not the Actvie Directory plugin is involved here, as the problem is that the Jenkins server cannot authenticate to the SVN server, for example when doing a checkout. The problem still persists in all versions of Jenkins since 1.586, including 1.594. The Subversion plugin is the latest version. And yes, the issue is present in the latest version of the Suvbersion plugin. The issue may be resolved in later versions of SVNKit; the version used by the Subversion plugin seems quite old.

          Björn Olsson added a comment -

          Removed active-directory-plugin component, as I am pretty sure it has nothing to do with this issue.

          Björn Olsson added a comment - Removed active-directory-plugin component, as I am pretty sure it has nothing to do with this issue.

          Björn Olsson added a comment - - edited

          I've upgraded to the latest version of the SVN plugin (version 2.5), and enabled the loggin for it, and this is what is printed upon repository connection attempts:
          (NOTE: I've replaced a few server name instances and repo paths with placeholders; <serverName> and <path-to-repo>)

          Log output
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINE: DEFAULT: Gnome Keyring disabled
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINEST: NETWORK: Host set on an SSL socket
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINEST: NETWORK: SSL protocols explicitly enabled: [TLSv1, TLSv1.1, TLSv1.2, SSLv3]
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINE: NETWORK: Connected to https://<serverName>/<path-to-repo> using TLSv1
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINE: DEFAULT: socket output stream requested...
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINE: DEFAULT: socket output stream requested...
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINEST: SENT
          OPTIONS <path-to-repo> HTTP/1.1
          Host: <serverName>
          User-Agent: SVN/1.8.1 SVNKit/1.8.7 (http://svnkit.com/) r10376_v20141223_2131
          Keep-Alive:
          Connection: TE, Keep-Alive
          TE: trailers
          Content-Length: 0
          Accept-Encoding: gzip
          Content-Type: text/xml; charset="utf-8"
          DAV: http://subversion.tigris.org/xmlns/dav/svn/depth
          DAV: http://subversion.tigris.org/xmlns/dav/svn/mergeinfo
          DAV: http://subversion.tigris.org/xmlns/dav/svn/log-revprops
          
          
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINE: DEFAULT: socket output stream requested...
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINEST: READ
          HTTP/1.1 401 Authorization Required
          Date: Thu, 08 Jan 2015 07:37:29 GMT
          Server: Apache
          WWW-Authenticate: Negotiate
          WWW-Authenticate: NTLM
          Content-Length: 401
          Keep-Alive: timeout=5, max=2000
          Connection: Keep-Alive
          Content-Type: text/html; charset=iso-8859-1
          
          
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINE: NETWORK: NEGOTIATE: needsLogin
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINE: NETWORK: NEGOTIATE: initialize subject
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINE: NETWORK: No LoginModules configured for com.sun.security.jgss.krb5.initiate
          javax.security.auth.login.LoginException: No LoginModules configured for com.sun.security.jgss.krb5.initiate
          	at javax.security.auth.login.LoginContext.init(Unknown Source)
          	at javax.security.auth.login.LoginContext.<init>(Unknown Source)
          	at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.initializeSubject(DefaultHTTPNegotiateAuthentication.java:135)
          	at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.needsLogin(DefaultHTTPNegotiateAuthentication.java:240)
          	at org.tmatesoft.svn.core.internal.io.dav.http.HTTPAuthentication.parseAuthParameters(HTTPAuthentication.java:234)
          	at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:630)
          	at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:375)
          	at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:363)
          	at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.performHttpRequest(DAVConnection.java:710)
          	at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.exchangeCapabilities(DAVConnection.java:627)
          	at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.open(DAVConnection.java:102)
          	at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.openConnection(DAVRepository.java:1032)
          	at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.testConnection(DAVRepository.java:94)
          	at hudson.scm.SubversionSCM$DescriptorImpl.checkRepositoryPath(SubversionSCM.java:2282)
          	at hudson.scm.SubversionSCM$ModuleLocation$DescriptorImpl.checkCredentialsId(SubversionSCM.java:3043)
          	at hudson.scm.SubversionSCM$ModuleLocation$DescriptorImpl.doCheckCredentialsId(SubversionSCM.java:3016)
          	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
          	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
          	at java.lang.reflect.Method.invoke(Unknown Source)
          	at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
          	at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
          	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
          	at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:121)
          	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
          	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
          	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
          	at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249)
          	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
          	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
          	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
          	at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249)
          	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
          	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
          	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
          	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
          	at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
          	at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
          	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
          	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:96)
          	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:88)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
          	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
          	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
          	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
          	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
          	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
          	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
          	at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
          	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
          	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
          	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
          	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
          	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
          	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
          	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
          	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
          	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
          	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
          	at org.eclipse.jetty.server.Server.handle(Server.java:370)
          	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
          	at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949)
          	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011)
          	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
          	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
          	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
          	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
          	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
          	at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
          	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
          	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
          	at java.lang.Thread.run(Unknown Source)
          

          It seems like there is a need for a LoginModule to be configured.
          I've also tested other types of authentications, namely java:apache and java:jcifs. However, I don't think the execution reaches the actual authentication code.

          Björn Olsson added a comment - - edited I've upgraded to the latest version of the SVN plugin (version 2.5), and enabled the loggin for it, and this is what is printed upon repository connection attempts: (NOTE: I've replaced a few server name instances and repo paths with placeholders; <serverName> and <path-to-repo>) Log output jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: DEFAULT: Gnome Keyring disabled jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINEST: NETWORK: Host set on an SSL socket jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINEST: NETWORK: SSL protocols explicitly enabled: [TLSv1, TLSv1.1, TLSv1.2, SSLv3] jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: NETWORK: Connected to https: //<serverName>/<path-to-repo> using TLSv1 jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: DEFAULT: socket output stream requested... jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: DEFAULT: socket output stream requested... jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINEST: SENT OPTIONS <path-to-repo> HTTP/1.1 Host: <serverName> User-Agent: SVN/1.8.1 SVNKit/1.8.7 (http: //svnkit.com/) r10376_v20141223_2131 Keep-Alive: Connection: TE, Keep-Alive TE: trailers Content-Length: 0 Accept-Encoding: gzip Content-Type: text/xml; charset= "utf-8" DAV: http: //subversion.tigris.org/xmlns/dav/svn/depth DAV: http: //subversion.tigris.org/xmlns/dav/svn/mergeinfo DAV: http: //subversion.tigris.org/xmlns/dav/svn/log-revprops jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: DEFAULT: socket output stream requested... jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINEST: READ HTTP/1.1 401 Authorization Required Date: Thu, 08 Jan 2015 07:37:29 GMT Server: Apache WWW-Authenticate: Negotiate WWW-Authenticate: NTLM Content-Length: 401 Keep-Alive: timeout=5, max=2000 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: NETWORK: NEGOTIATE: needsLogin jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: NETWORK: NEGOTIATE: initialize subject jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: NETWORK: No LoginModules configured for com.sun.security.jgss.krb5.initiate javax.security.auth.login.LoginException: No LoginModules configured for com.sun.security.jgss.krb5.initiate at javax.security.auth.login.LoginContext.init(Unknown Source) at javax.security.auth.login.LoginContext.<init>(Unknown Source) at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.initializeSubject(DefaultHTTPNegotiateAuthentication.java:135) at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.needsLogin(DefaultHTTPNegotiateAuthentication.java:240) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPAuthentication.parseAuthParameters(HTTPAuthentication.java:234) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:630) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:375) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:363) at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.performHttpRequest(DAVConnection.java:710) at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.exchangeCapabilities(DAVConnection.java:627) at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.open(DAVConnection.java:102) at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.openConnection(DAVRepository.java:1032) at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.testConnection(DAVRepository.java:94) at hudson.scm.SubversionSCM$DescriptorImpl.checkRepositoryPath(SubversionSCM.java:2282) at hudson.scm.SubversionSCM$ModuleLocation$DescriptorImpl.checkCredentialsId(SubversionSCM.java:3043) at hudson.scm.SubversionSCM$ModuleLocation$DescriptorImpl.doCheckCredentialsId(SubversionSCM.java:3016) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96) at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:121) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876) at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876) at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:96) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:88) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) at org.eclipse.jetty.server.Server.handle(Server.java:370) at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489) at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949) at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011) at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644) at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668) at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang. Thread .run(Unknown Source) It seems like there is a need for a LoginModule to be configured. I've also tested other types of authentications, namely java:apache and java:jcifs. However, I don't think the execution reaches the actual authentication code.

          Björn Olsson added a comment -

          Updated the summary and description.

          Björn Olsson added a comment - Updated the summary and description.

          Björn Olsson added a comment -

          I've done some more tests using the SVNKit property "svnkit.http.ntlm" of switching between ntlm implementations. I've tested "jna" (which works in jenkins 1.585 and subversion plugin 2.4.5), "java:apache" and "java:jcifs" (both give me the same "no credentials to try" error, regardless of the versions of Jenkins/subersion plugin installed).

          Björn Olsson added a comment - I've done some more tests using the SVNKit property "svnkit.http.ntlm" of switching between ntlm implementations. I've tested "jna" (which works in jenkins 1.585 and subversion plugin 2.4.5), "java:apache" and "java:jcifs" (both give me the same "no credentials to try" error, regardless of the versions of Jenkins/subersion plugin installed).

          Björn Olsson added a comment -

          I got suspicious on the NEGOTIATE part of the log, and started to investigate a little deeper; I believe the default order of the svnkit.http.methods list (i.e. where NTLM, Basic, Negotiate and igest are specified) must havee changed between svn plugin 2.4.5 and 2.5. When I explicitly set the order to NTLM,Negotiate,Basic,Digest (NTLM before Negotiate) it uses NTLM in the latest verison of svn plugin on jenkins 1.585. This does not, however, fix my issues with "no credential to try" in later versions of Jenkins. I just thought I should put up as much information here as I can find, to aid in the bug hunt.

          Björn Olsson added a comment - I got suspicious on the NEGOTIATE part of the log, and started to investigate a little deeper; I believe the default order of the svnkit.http.methods list (i.e. where NTLM, Basic, Negotiate and igest are specified) must havee changed between svn plugin 2.4.5 and 2.5. When I explicitly set the order to NTLM,Negotiate,Basic,Digest (NTLM before Negotiate) it uses NTLM in the latest verison of svn plugin on jenkins 1.585. This does not, however, fix my issues with "no credential to try" in later versions of Jenkins. I just thought I should put up as much information here as I can find, to aid in the bug hunt.

          ruiling huang added a comment -

          I found when I enable Basic Authentication only in SVN Server the error about "svn: E170001: Negotiate authentication failed: No valid credentials provided" disappeared, but if I enable both of Integrated Windows Authentication and enable Basic Authentication this error will happen. But I'm not sure why?

          ruiling huang added a comment - I found when I enable Basic Authentication only in SVN Server the error about "svn: E170001: Negotiate authentication failed: No valid credentials provided" disappeared, but if I enable both of Integrated Windows Authentication and enable Basic Authentication this error will happen. But I'm not sure why?

          Rafael Wolf added a comment -

          I have the same issue, any solutions ?

          Rafael Wolf added a comment - I have the same issue, any solutions ?

          Benny Prange added a comment -

          I'm having the same issue. My workaround is to use <exec> in ant and call svn directly from commandline. Eg:

           
          <exec executable="svn">
            <arg line="checkout --non-interactive --trust-server-cert --username ${svn.user} --password ${svn.psw} ${svn.url} ${param.dep.dest}" />
          </exec>
          

          Nevertheless I would love to see this bug fixed.

          Benny Prange added a comment - I'm having the same issue. My workaround is to use <exec> in ant and call svn directly from commandline. Eg: <exec executable= "svn" > <arg line= "checkout --non-interactive --trust-server-cert --username ${svn.user} --password ${svn.psw} ${svn.url} ${param.dep.dest}" /> </exec> Nevertheless I would love to see this bug fixed.

          I could solve a similar problem by setting the following JAVA option on jenkins startup:

          -Dsvnkit.http.methods=Basic,Digest,Negotiate,NTLM
          

          Andreas Schrell added a comment - I could solve a similar problem by setting the following JAVA option on jenkins startup: -Dsvnkit.http.methods=Basic,Digest,Negotiate,NTLM

          It seems this issue is duplicate. Take a look JENKINS-27084.

          Manuel Recena Soto added a comment - It seems this issue is duplicate. Take a look JENKINS-27084 .

          schristou, What do you think if we resolve this ticket as duplicated?

          Manuel Recena Soto added a comment - schristou , What do you think if we resolve this ticket as duplicated?

          This issue is a duplicate of JENKINS-27084 which was fixed in 2.5.1.

          Steven Christou added a comment - This issue is a duplicate of JENKINS-27084 which was fixed in 2.5.1.

            schristou Steven Christou
            ursus_b Björn Olsson
            Votes:
            7 Vote for this issue
            Watchers:
            15 Start watching this issue

              Created:
              Updated:
              Resolved: