Is the submodule defined to use the same protocol and same credentials as the parent repository?
Authenticated submodule checkout requires that the submodule must be accessed using the same protocol and same credentials as the parent repository. If the original repository is fetched with https (as it appears in your case), then the submodule reference in that branch of the original repository must refer to the submodule using https protocol, not using ssh protocol.
Is the checkout step defined to use the parent credentials ( parentCredentials: true ) when performing the submodule checkout?
In my acceptance test job, I see the following definition of the checkout step:
userRemoteConfigs: [[url: 'email@example.com:MarkEWaite/jenkins-bugs-private.git',
branches: [[name: branch]],
gitTool: 'Default', /* Submodule authentication not supported in JGit */
The command line git version 2.26.2 has full support for submodules. While investigating to see if there is an issue here, I ran an acceptance test job on agents with Git 2.26.2 (FreeBSD and OpenBSD in my test cases). Those jobs were all successful at submodule checkout.
If it helps, you're welcome to refer to the public version of my acceptance test job for details that I know are working in my acceptance test environment. I have a similar job that includes credentials and uses https to access a private GitHub repository.