Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-26158

Active Directory authentication for Subversion plugin fails

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      We've set up SVNKit in our Jenkins instance to use JNA to collect credentials for SVN access by setting -Dsvnkit.http.ntlm=jna in jenkins.xml. This has been working perfectly until we tried to upgrade Jenkins to 1.586, when the Jenkins JNA implementation was bumped to jna 4.10. After that, we get an "E200015: No credential to try." error.
      The last working version was Jenkins 1.585 and subversion plugin 2.4.5. If I upgrade any of them, we get the error.

        Attachments

          Issue Links

            Activity

            ursus_b Björn Olsson created issue -
            Hide
            danielbeck Daniel Beck added a comment -

            What is the relationship to Active Directory Plugin?

            Does this issue still occur on Jenkins 1.594?

            Which version of the Subversion plugin are you using? Does the issue still occur with the newest release?

            Show
            danielbeck Daniel Beck added a comment - What is the relationship to Active Directory Plugin? Does this issue still occur on Jenkins 1.594? Which version of the Subversion plugin are you using? Does the issue still occur with the newest release?
            Hide
            ursus_b Björn Olsson added a comment -

            I'm actually not sure whether or not the Actvie Directory plugin is involved here, as the problem is that the Jenkins server cannot authenticate to the SVN server, for example when doing a checkout.
            The problem still persists in all versions of Jenkins since 1.586, including 1.594.
            The Subversion plugin is the latest version. And yes, the issue is present in the latest version of the Suvbersion plugin.
            The issue may be resolved in later versions of SVNKit; the version used by the Subversion plugin seems quite old.

            Show
            ursus_b Björn Olsson added a comment - I'm actually not sure whether or not the Actvie Directory plugin is involved here, as the problem is that the Jenkins server cannot authenticate to the SVN server, for example when doing a checkout. The problem still persists in all versions of Jenkins since 1.586, including 1.594. The Subversion plugin is the latest version. And yes, the issue is present in the latest version of the Suvbersion plugin. The issue may be resolved in later versions of SVNKit; the version used by the Subversion plugin seems quite old.
            Hide
            ursus_b Björn Olsson added a comment -

            Removed active-directory-plugin component, as I am pretty sure it has nothing to do with this issue.

            Show
            ursus_b Björn Olsson added a comment - Removed active-directory-plugin component, as I am pretty sure it has nothing to do with this issue.
            ursus_b Björn Olsson made changes -
            Field Original Value New Value
            Component/s active-directory-plugin [ 15526 ]
            Hide
            ursus_b Björn Olsson added a comment - - edited

            I've upgraded to the latest version of the SVN plugin (version 2.5), and enabled the loggin for it, and this is what is printed upon repository connection attempts:
            (NOTE: I've replaced a few server name instances and repo paths with placeholders; <serverName> and <path-to-repo>)

            Log output
            jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
            FINE: DEFAULT: Gnome Keyring disabled
            jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
            FINEST: NETWORK: Host set on an SSL socket
            jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
            FINEST: NETWORK: SSL protocols explicitly enabled: [TLSv1, TLSv1.1, TLSv1.2, SSLv3]
            jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
            FINE: NETWORK: Connected to https://<serverName>/<path-to-repo> using TLSv1
            jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
            FINE: DEFAULT: socket output stream requested...
            jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
            FINE: DEFAULT: socket output stream requested...
            jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
            FINEST: SENT
            OPTIONS <path-to-repo> HTTP/1.1
            Host: <serverName>
            User-Agent: SVN/1.8.1 SVNKit/1.8.7 (http://svnkit.com/) r10376_v20141223_2131
            Keep-Alive:
            Connection: TE, Keep-Alive
            TE: trailers
            Content-Length: 0
            Accept-Encoding: gzip
            Content-Type: text/xml; charset="utf-8"
            DAV: http://subversion.tigris.org/xmlns/dav/svn/depth
            DAV: http://subversion.tigris.org/xmlns/dav/svn/mergeinfo
            DAV: http://subversion.tigris.org/xmlns/dav/svn/log-revprops
            
            
            jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
            FINE: DEFAULT: socket output stream requested...
            jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
            FINEST: READ
            HTTP/1.1 401 Authorization Required
            Date: Thu, 08 Jan 2015 07:37:29 GMT
            Server: Apache
            WWW-Authenticate: Negotiate
            WWW-Authenticate: NTLM
            Content-Length: 401
            Keep-Alive: timeout=5, max=2000
            Connection: Keep-Alive
            Content-Type: text/html; charset=iso-8859-1
            
            
            jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
            FINE: NETWORK: NEGOTIATE: needsLogin
            jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
            FINE: NETWORK: NEGOTIATE: initialize subject
            jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log
            FINE: NETWORK: No LoginModules configured for com.sun.security.jgss.krb5.initiate
            javax.security.auth.login.LoginException: No LoginModules configured for com.sun.security.jgss.krb5.initiate
            	at javax.security.auth.login.LoginContext.init(Unknown Source)
            	at javax.security.auth.login.LoginContext.<init>(Unknown Source)
            	at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.initializeSubject(DefaultHTTPNegotiateAuthentication.java:135)
            	at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.needsLogin(DefaultHTTPNegotiateAuthentication.java:240)
            	at org.tmatesoft.svn.core.internal.io.dav.http.HTTPAuthentication.parseAuthParameters(HTTPAuthentication.java:234)
            	at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:630)
            	at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:375)
            	at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:363)
            	at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.performHttpRequest(DAVConnection.java:710)
            	at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.exchangeCapabilities(DAVConnection.java:627)
            	at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.open(DAVConnection.java:102)
            	at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.openConnection(DAVRepository.java:1032)
            	at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.testConnection(DAVRepository.java:94)
            	at hudson.scm.SubversionSCM$DescriptorImpl.checkRepositoryPath(SubversionSCM.java:2282)
            	at hudson.scm.SubversionSCM$ModuleLocation$DescriptorImpl.checkCredentialsId(SubversionSCM.java:3043)
            	at hudson.scm.SubversionSCM$ModuleLocation$DescriptorImpl.doCheckCredentialsId(SubversionSCM.java:3016)
            	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
            	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
            	at java.lang.reflect.Method.invoke(Unknown Source)
            	at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
            	at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
            	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
            	at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:121)
            	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
            	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
            	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
            	at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249)
            	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
            	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
            	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
            	at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249)
            	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
            	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
            	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
            	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
            	at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
            	at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
            	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
            	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
            	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:96)
            	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:88)
            	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
            	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
            	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
            	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
            	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
            	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            	at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
            	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            	at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
            	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
            	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
            	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            	at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
            	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
            	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
            	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
            	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
            	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
            	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
            	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
            	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
            	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
            	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
            	at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
            	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
            	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
            	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
            	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
            	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
            	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
            	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
            	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
            	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
            	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
            	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
            	at org.eclipse.jetty.server.Server.handle(Server.java:370)
            	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
            	at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949)
            	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011)
            	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
            	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
            	at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
            	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
            	at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
            	at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
            	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
            	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
            	at java.lang.Thread.run(Unknown Source)
            

            It seems like there is a need for a LoginModule to be configured.
            I've also tested other types of authentications, namely java:apache and java:jcifs. However, I don't think the execution reaches the actual authentication code.

            Show
            ursus_b Björn Olsson added a comment - - edited I've upgraded to the latest version of the SVN plugin (version 2.5), and enabled the loggin for it, and this is what is printed upon repository connection attempts: (NOTE: I've replaced a few server name instances and repo paths with placeholders; <serverName> and <path-to-repo>) Log output jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: DEFAULT: Gnome Keyring disabled jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINEST: NETWORK: Host set on an SSL socket jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINEST: NETWORK: SSL protocols explicitly enabled: [TLSv1, TLSv1.1, TLSv1.2, SSLv3] jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: NETWORK: Connected to https: //<serverName>/<path-to-repo> using TLSv1 jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: DEFAULT: socket output stream requested... jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: DEFAULT: socket output stream requested... jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINEST: SENT OPTIONS <path-to-repo> HTTP/1.1 Host: <serverName> User-Agent: SVN/1.8.1 SVNKit/1.8.7 (http: //svnkit.com/) r10376_v20141223_2131 Keep-Alive: Connection: TE, Keep-Alive TE: trailers Content-Length: 0 Accept-Encoding: gzip Content-Type: text/xml; charset= "utf-8" DAV: http: //subversion.tigris.org/xmlns/dav/svn/depth DAV: http: //subversion.tigris.org/xmlns/dav/svn/mergeinfo DAV: http: //subversion.tigris.org/xmlns/dav/svn/log-revprops jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: DEFAULT: socket output stream requested... jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINEST: READ HTTP/1.1 401 Authorization Required Date: Thu, 08 Jan 2015 07:37:29 GMT Server: Apache WWW-Authenticate: Negotiate WWW-Authenticate: NTLM Content-Length: 401 Keep-Alive: timeout=5, max=2000 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1 jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: NETWORK: NEGOTIATE: needsLogin jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: NETWORK: NEGOTIATE: initialize subject jan 08, 2015 8:37:29 FM org.tmatesoft.svn.core.internal.util.DefaultSVNDebugLogger log FINE: NETWORK: No LoginModules configured for com.sun.security.jgss.krb5.initiate javax.security.auth.login.LoginException: No LoginModules configured for com.sun.security.jgss.krb5.initiate at javax.security.auth.login.LoginContext.init(Unknown Source) at javax.security.auth.login.LoginContext.<init>(Unknown Source) at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.initializeSubject(DefaultHTTPNegotiateAuthentication.java:135) at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.needsLogin(DefaultHTTPNegotiateAuthentication.java:240) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPAuthentication.parseAuthParameters(HTTPAuthentication.java:234) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:630) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:375) at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:363) at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.performHttpRequest(DAVConnection.java:710) at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.exchangeCapabilities(DAVConnection.java:627) at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.open(DAVConnection.java:102) at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.openConnection(DAVRepository.java:1032) at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.testConnection(DAVRepository.java:94) at hudson.scm.SubversionSCM$DescriptorImpl.checkRepositoryPath(SubversionSCM.java:2282) at hudson.scm.SubversionSCM$ModuleLocation$DescriptorImpl.checkCredentialsId(SubversionSCM.java:3043) at hudson.scm.SubversionSCM$ModuleLocation$DescriptorImpl.doCheckCredentialsId(SubversionSCM.java:3016) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161) at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96) at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:121) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876) at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876) at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:249) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53) at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649) at org.kohsuke.stapler.Stapler.service(Stapler.java:238) at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:96) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:88) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249) at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482) at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116) at org.eclipse.jetty.server.Server.handle(Server.java:370) at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489) at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949) at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011) at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644) at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82) at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668) at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52) at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang. Thread .run(Unknown Source) It seems like there is a need for a LoginModule to be configured. I've also tested other types of authentications, namely java:apache and java:jcifs. However, I don't think the execution reaches the actual authentication code.
            ursus_b Björn Olsson made changes -
            Summary Jenkins v1.586 breaks Active Directory authentication using jna for Subversion plugin. Jenkins v1.586 breaks Active Directory authentication for Subversion plugin.
            Hide
            ursus_b Björn Olsson added a comment -

            Updated the summary and description.

            Show
            ursus_b Björn Olsson added a comment - Updated the summary and description.
            ursus_b Björn Olsson made changes -
            Description We've set up SVNKit in our Jenkins instance to use JNA to collect credentials for SVN access by setting -Dsvnkit.http.ntlm=jna in jenkins.xml. This has been working perfectly until we tried to upgrade Jenkins to 1.586, when the Jenkins JNA implementation was bumped to jna 4.10. After that, we get an "E200015: No credential to try." error. We've set up SVNKit in our Jenkins instance to use JNA to collect credentials for SVN access by setting -Dsvnkit.http.ntlm=jna in jenkins.xml. This has been working perfectly until we tried to upgrade Jenkins to 1.586, when the Jenkins JNA implementation was bumped to jna 4.10. After that, we get an "E200015: No credential to try." error.
            The last working version was Jenkins 1.585 and subversion plugin 2.4.5. If I upgrade any of them, we get the error.
            Summary Jenkins v1.586 breaks Active Directory authentication for Subversion plugin. Active Directory authentication for Subversion plugin fails
            Hide
            ursus_b Björn Olsson added a comment -

            I've done some more tests using the SVNKit property "svnkit.http.ntlm" of switching between ntlm implementations. I've tested "jna" (which works in jenkins 1.585 and subversion plugin 2.4.5), "java:apache" and "java:jcifs" (both give me the same "no credentials to try" error, regardless of the versions of Jenkins/subersion plugin installed).

            Show
            ursus_b Björn Olsson added a comment - I've done some more tests using the SVNKit property "svnkit.http.ntlm" of switching between ntlm implementations. I've tested "jna" (which works in jenkins 1.585 and subversion plugin 2.4.5), "java:apache" and "java:jcifs" (both give me the same "no credentials to try" error, regardless of the versions of Jenkins/subersion plugin installed).
            Hide
            ursus_b Björn Olsson added a comment -

            I got suspicious on the NEGOTIATE part of the log, and started to investigate a little deeper; I believe the default order of the svnkit.http.methods list (i.e. where NTLM, Basic, Negotiate and igest are specified) must havee changed between svn plugin 2.4.5 and 2.5. When I explicitly set the order to NTLM,Negotiate,Basic,Digest (NTLM before Negotiate) it uses NTLM in the latest verison of svn plugin on jenkins 1.585. This does not, however, fix my issues with "no credential to try" in later versions of Jenkins. I just thought I should put up as much information here as I can find, to aid in the bug hunt.

            Show
            ursus_b Björn Olsson added a comment - I got suspicious on the NEGOTIATE part of the log, and started to investigate a little deeper; I believe the default order of the svnkit.http.methods list (i.e. where NTLM, Basic, Negotiate and igest are specified) must havee changed between svn plugin 2.4.5 and 2.5. When I explicitly set the order to NTLM,Negotiate,Basic,Digest (NTLM before Negotiate) it uses NTLM in the latest verison of svn plugin on jenkins 1.585. This does not, however, fix my issues with "no credential to try" in later versions of Jenkins. I just thought I should put up as much information here as I can find, to aid in the bug hunt.
            schristou Steven Christou made changes -
            Assignee Steven Christou [ schristou ]
            schristou Steven Christou made changes -
            Link This issue is duplicated by JENKINS-26473 [ JENKINS-26473 ]
            schristou Steven Christou made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            Hide
            raylene ruiling huang added a comment -

            I found when I enable Basic Authentication only in SVN Server the error about "svn: E170001: Negotiate authentication failed: No valid credentials provided" disappeared, but if I enable both of Integrated Windows Authentication and enable Basic Authentication this error will happen. But I'm not sure why?

            Show
            raylene ruiling huang added a comment - I found when I enable Basic Authentication only in SVN Server the error about "svn: E170001: Negotiate authentication failed: No valid credentials provided" disappeared, but if I enable both of Integrated Windows Authentication and enable Basic Authentication this error will happen. But I'm not sure why?
            Hide
            rafakwolf Rafael Wolf added a comment -

            I have the same issue, any solutions ?

            Show
            rafakwolf Rafael Wolf added a comment - I have the same issue, any solutions ?
            rafakwolf Rafael Wolf made changes -
            Status In Progress [ 3 ] Open [ 1 ]
            rafakwolf Rafael Wolf made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            Hide
            bennyprange Benny Prange added a comment -

            I'm having the same issue. My workaround is to use <exec> in ant and call svn directly from commandline. Eg:

             
            <exec executable="svn">
              <arg line="checkout --non-interactive --trust-server-cert --username ${svn.user} --password ${svn.psw} ${svn.url} ${param.dep.dest}" />
            </exec>
            

            Nevertheless I would love to see this bug fixed.

            Show
            bennyprange Benny Prange added a comment - I'm having the same issue. My workaround is to use <exec> in ant and call svn directly from commandline. Eg: <exec executable= "svn" > <arg line= "checkout --non-interactive --trust-server-cert --username ${svn.user} --password ${svn.psw} ${svn.url} ${param.dep.dest}" /> </exec> Nevertheless I would love to see this bug fixed.
            Hide
            andreasschrell Andreas Schrell added a comment -

            I could solve a similar problem by setting the following JAVA option on jenkins startup:

            -Dsvnkit.http.methods=Basic,Digest,Negotiate,NTLM
            
            Show
            andreasschrell Andreas Schrell added a comment - I could solve a similar problem by setting the following JAVA option on jenkins startup: -Dsvnkit.http.methods=Basic,Digest,Negotiate,NTLM
            jglick Jesse Glick made changes -
            Link This issue depends on JENKINS-28251 [ JENKINS-28251 ]
            Hide
            recena Manuel Recena Soto added a comment -

            It seems this issue is duplicate. Take a look JENKINS-27084.

            Show
            recena Manuel Recena Soto added a comment - It seems this issue is duplicate. Take a look JENKINS-27084 .
            schristou Steven Christou made changes -
            Link This issue duplicates JENKINS-27084 [ JENKINS-27084 ]
            Hide
            recena Manuel Recena Soto added a comment -

            Steven Christou, What do you think if we resolve this ticket as duplicated?

            Show
            recena Manuel Recena Soto added a comment - Steven Christou , What do you think if we resolve this ticket as duplicated?
            Hide
            schristou Steven Christou added a comment -

            This issue is a duplicate of JENKINS-27084 which was fixed in 2.5.1.

            Show
            schristou Steven Christou added a comment - This issue is a duplicate of JENKINS-27084 which was fixed in 2.5.1.
            schristou Steven Christou made changes -
            Resolution Duplicate [ 3 ]
            Status In Progress [ 3 ] Resolved [ 5 ]
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 160149 ] JNJira + In-Review [ 196340 ]

              People

              Assignee:
              schristou Steven Christou
              Reporter:
              ursus_b Björn Olsson
              Votes:
              7 Vote for this issue
              Watchers:
              15 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: