Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-26158

Active Directory authentication for Subversion plugin fails

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Blocker Blocker
    • subversion-plugin
    • Windows Server 2008 R2, Jenkins installed as a service. Java version for Jenkins is 1.7.0.07-b11 (32 bit).

      We've set up SVNKit in our Jenkins instance to use JNA to collect credentials for SVN access by setting -Dsvnkit.http.ntlm=jna in jenkins.xml. This has been working perfectly until we tried to upgrade Jenkins to 1.586, when the Jenkins JNA implementation was bumped to jna 4.10. After that, we get an "E200015: No credential to try." error.
      The last working version was Jenkins 1.585 and subversion plugin 2.4.5. If I upgrade any of them, we get the error.

          [JENKINS-26158] Active Directory authentication for Subversion plugin fails

          Björn Olsson created issue -

          Daniel Beck added a comment -

          What is the relationship to Active Directory Plugin?

          Does this issue still occur on Jenkins 1.594?

          Which version of the Subversion plugin are you using? Does the issue still occur with the newest release?

          Daniel Beck added a comment - What is the relationship to Active Directory Plugin? Does this issue still occur on Jenkins 1.594? Which version of the Subversion plugin are you using? Does the issue still occur with the newest release?

          Björn Olsson added a comment -

          I'm actually not sure whether or not the Actvie Directory plugin is involved here, as the problem is that the Jenkins server cannot authenticate to the SVN server, for example when doing a checkout.
          The problem still persists in all versions of Jenkins since 1.586, including 1.594.
          The Subversion plugin is the latest version. And yes, the issue is present in the latest version of the Suvbersion plugin.
          The issue may be resolved in later versions of SVNKit; the version used by the Subversion plugin seems quite old.

          Björn Olsson added a comment - I'm actually not sure whether or not the Actvie Directory plugin is involved here, as the problem is that the Jenkins server cannot authenticate to the SVN server, for example when doing a checkout. The problem still persists in all versions of Jenkins since 1.586, including 1.594. The Subversion plugin is the latest version. And yes, the issue is present in the latest version of the Suvbersion plugin. The issue may be resolved in later versions of SVNKit; the version used by the Subversion plugin seems quite old.

          Björn Olsson added a comment -

          Removed active-directory-plugin component, as I am pretty sure it has nothing to do with this issue.

          Björn Olsson added a comment - Removed active-directory-plugin component, as I am pretty sure it has nothing to do with this issue.
          Björn Olsson made changes -
          Component/s Original: active-directory-plugin [ 15526 ]

          Björn Olsson added a comment - - edited

          I've upgraded to the latest version of the SVN plugin (version 2.5), and enabled the loggin for it, and this is what is printed upon repository connection attempts:
          (NOTE: I've replaced a few server name instances and repo paths with placeholders; <serverName> and <path-to-repo>)

          Log output
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINE: DEFAULT: Gnome Keyring disabled
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINEST: NETWORK: Host set on an SSL socket
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINEST: NETWORK: SSL protocols explicitly enabled: [TLSv1, TLSv1.1, TLSv1.2, SSLv3]
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINE: NETWORK: Connected to https://<serverName>/<path-to-repo> using TLSv1
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINE: DEFAULT: socket output stream requested...
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINE: DEFAULT: socket output stream requested...
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINEST: SENT
          OPTIONS <path-to-repo> HTTP/1.1
          Host: <serverName>
          User-Agent: SVN/1.8.1 SVNKit/1.8.7 (http://svnkit.com/) r10376_v20141223_2131
          Keep-Alive:
          Connection: TE, Keep-Alive
          TE: trailers
          Content-Length: 0
          Accept-Encoding: gzip
          Content-Type: text/xml; charset="utf-8"
          DAV: http://subversion.tigris.org/xmlns/dav/svn/depth
          DAV: http://subversion.tigris.org/xmlns/dav/svn/mergeinfo
          DAV: http://subversion.tigris.org/xmlns/dav/svn/log-revprops
          
          
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINE: DEFAULT: socket output stream requested...
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINEST: READ
          HTTP/1.1 401 Authorization Required
          Date: Thu, 08 Jan 2015 07:37:29 GMT
          Server: Apache
          WWW-Authenticate: Negotiate
          WWW-Authenticate: NTLM
          Content-Length: 401
          Keep-Alive: timeout=5, max=2000
          Connection: Keep-Alive
          Content-Type: text/html; charset=iso-8859-1
          
          
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINE: NETWORK: NEGOTIATE: needsLogin
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINE: NETWORK: NEGOTIATE: initialize subject
          jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
          FINE: NETWORK: No LoginModules configured for com.sun.security.jgss.krb5.initiate
          javax.security.auth.login.LoginException: No LoginModules configured for com.sun.security.jgss.krb5.initiate
          	at javax.security.auth.login.LoginContext.init(Unknown Source)
          	at javax.security.auth.login.LoginContext.<init>(Unknown Source)
          	at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.initializeSubject(DefaultHTTPNegotiateAuthentication.java:135)
          	at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.needsLogin(DefaultHTTPNegotiateAuthentication.java:240)
          	at org.tmatesoft.svn.core.internal.io.dav.http.HTTPAuthentication.parseAuthParameters(HTTPAuthentication.java:234)
          	at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:630)
          	at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:375)
          	at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:363)
          	at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.performHttpRequest(DAVConnection.java:710)
          	at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.exchangeCapabilities(DAVConnection.java:627)
          	at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.open(DAVConnection.java:102)
          	at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.openConnection(DAVRepository.java:1032)
          	at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.testConnection(DAVRepository.java:94)
          	at hudson.scm.SubversionSCM$DescriptorImpl.checkRepositoryPath(SubversionSCM.java:2282)
          	at hudson.scm.SubversionSCM$ModuleLocation$DescriptorImpl.checkCredentialsId(SubversionSCM.java:3043)
          	at hudson.scm.SubversionSCM$ModuleLocation$DescriptorImpl.doCheckCredentialsId(SubversionSCM.java:3016)
          	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
          	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
          	at java.lang.reflect.Method.invoke(Unknown Source)
          	at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
          	at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
          	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
          	at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:121)
          	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
          	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
          	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
          	at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249)
          	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
          	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
          	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
          	at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249)
          	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
          	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
          	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
          	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
          	at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
          	at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
          	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
          	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:96)
          	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:88)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
          	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
          	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
          	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
          	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
          	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
          	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
          	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
          	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
          	at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
          	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
          	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
          	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
          	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
          	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
          	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
          	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
          	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
          	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
          	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
          	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
          	at org.eclipse.jetty.server.Server.handle(Server.java:370)
          	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
          	at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949)
          	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011)
          	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
          	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
          	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
          	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
          	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
          	at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
          	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
          	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
          	at java.lang.Thread.run(Unknown Source)
          

          It seems like there is a need for a LoginModule to be configured.
          I've also tested other types of authentications, namely java:apache and java:jcifs. However, I don't think the execution reaches the actual authentication code.

          Björn Olsson added a comment - - edited I've upgraded to the latest version of the SVN plugin (version 2.5), and enabled the loggin for it, and this is what is printed upon repository connection attempts: (NOTE: I've replaced a few server name instances and repo paths with placeholders; <serverName> and <path-to-repo>) Log output jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: DEFAULT: Gnome Keyring disabled jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINEST: NETWORK: Host set on an SSL socket jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINEST: NETWORK: SSL protocols explicitly enabled: [TLSv1, TLSv1.1, TLSv1.2, SSLv3] jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: NETWORK: Connected to https: //<serverName>/<path-to-repo> using TLSv1 jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: DEFAULT: socket output stream requested... jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: DEFAULT: socket output stream requested... jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINEST: SENT OPTIONS <path-to-repo> HTTP/1.1 Host: <serverName> User-Agent: SVN/1.8.1 SVNKit/1.8.7 (http: //svnkit.com/) r10376_v20141223_2131 Keep-Alive: Connection: TE, Keep-Alive TE: trailers Content-Length: 0 Accept-Encoding: gzip Content-Type: text/xml; charset= "utf-8" DAV: http: //subversion.tigris.org/xmlns/dav/svn/depth DAV: http: //subversion.tigris.org/xmlns/dav/svn/mergeinfo DAV: http: //subversion.tigris.org/xmlns/dav/svn/log-revprops jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: DEFAULT: socket output stream requested... jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINEST: READ HTTP/1.1 401 Authorization Required Date: Thu, 08 Jan 2015 07:37:29 GMT Server: Apache WWW-Authenticate: Negotiate WWW-Authenticate: NTLM Content-Length: 401 Keep-Alive: timeout=5, max=2000 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: NETWORK: NEGOTIATE: needsLogin jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: NETWORK: NEGOTIATE: initialize subject jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: NETWORK: No LoginModules configured for com.sun.security.jgss.krb5.initiate javax.security.auth.login.LoginException: No LoginModules configured for com.sun.security.jgss.krb5.initiate at javax.security.auth.login.LoginContext.init(Unknown Source) at javax.security.auth.login.LoginContext.<init>(Unknown Source) at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.initializeSubject(DefaultHTTPNegotiateAuthentication.java:135) at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.needsLogin(DefaultHTTPNegotiateAuthentication.java:240) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPAuthentication.parseAuthParameters(HTTPAuthentication.java:234) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:630) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:375) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:363) at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.performHttpRequest(DAVConnection.java:710) at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.exchangeCapabilities(DAVConnection.java:627) at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.open(DAVConnection.java:102) at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.openConnection(DAVRepository.java:1032) at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.testConnection(DAVRepository.java:94) at hudson.scm.SubversionSCM$DescriptorImpl.checkRepositoryPath(SubversionSCM.java:2282) at hudson.scm.SubversionSCM$ModuleLocation$DescriptorImpl.checkCredentialsId(SubversionSCM.java:3043) at hudson.scm.SubversionSCM$ModuleLocation$DescriptorImpl.doCheckCredentialsId(SubversionSCM.java:3016) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96) at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:121) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876) at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876) at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:96) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:88) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) at org.eclipse.jetty.server.Server.handle(Server.java:370) at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489) at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949) at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011) at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644) at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668) at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang. Thread .run(Unknown Source) It seems like there is a need for a LoginModule to be configured. I've also tested other types of authentications, namely java:apache and java:jcifs. However, I don't think the execution reaches the actual authentication code.
          Björn Olsson made changes -
          Summary Original: Jenkins v1.586 breaks Active Directory authentication using jna for Subversion plugin. New: Jenkins v1.586 breaks Active Directory authentication for Subversion plugin.

          Björn Olsson added a comment -

          Updated the summary and description.

          Björn Olsson added a comment - Updated the summary and description.
          Björn Olsson made changes -
          Description Original: We've set up SVNKit in our Jenkins instance to use JNA to collect credentials for SVN access by setting -Dsvnkit.http.ntlm=jna in jenkins.xml. This has been working perfectly until we tried to upgrade Jenkins to 1.586, when the Jenkins JNA implementation was bumped to jna 4.10. After that, we get an "E200015: No credential to try." error. New: We've set up SVNKit in our Jenkins instance to use JNA to collect credentials for SVN access by setting -Dsvnkit.http.ntlm=jna in jenkins.xml. This has been working perfectly until we tried to upgrade Jenkins to 1.586, when the Jenkins JNA implementation was bumped to jna 4.10. After that, we get an "E200015: No credential to try." error.
          The last working version was Jenkins 1.585 and subversion plugin 2.4.5. If I upgrade any of them, we get the error.
          Summary Original: Jenkins v1.586 breaks Active Directory authentication for Subversion plugin. New: Active Directory authentication for Subversion plugin fails

          Björn Olsson added a comment -

          I've done some more tests using the SVNKit property "svnkit.http.ntlm" of switching between ntlm implementations. I've tested "jna" (which works in jenkins 1.585 and subversion plugin 2.4.5), "java:apache" and "java:jcifs" (both give me the same "no credentials to try" error, regardless of the versions of Jenkins/subersion plugin installed).

          Björn Olsson added a comment - I've done some more tests using the SVNKit property "svnkit.http.ntlm" of switching between ntlm implementations. I've tested "jna" (which works in jenkins 1.585 and subversion plugin 2.4.5), "java:apache" and "java:jcifs" (both give me the same "no credentials to try" error, regardless of the versions of Jenkins/subersion plugin installed).

            schristou Steven Christou
            ursus_b Björn Olsson
            Votes:
            7 Vote for this issue
            Watchers:
            15 Start watching this issue

              Created:
              Updated:
              Resolved: