authenticating with certificates & username/password

<SCRIPT defer type=text/javascript> if (typeof YAHOO == "undefined") { var YAHOO = {}; } YAHOO.Shortcuts = YAHOO.Shortcuts || {}; YAHOO.Shortcuts.hasSensitiveText = true; YAHOO.Shortcuts.sensitivityType = ["adult"]; YAHOO.Shortcuts.doUlt = false; YAHOO.Shortcuts.location = "us"; YAHOO.Shortcuts.document_id = 0; YAHOO.Shortcuts.document_type = ""; YAHOO.Shortcuts.document_title = "authenticating with certificates & username/password"; YAHOO.Shortcuts.document_publish_date = ""; YAHOO.Shortcuts.document_author = "alexbp80@yahoo.com"; YAHOO.Shortcuts.document_url = ""; YAHOO.Shortcuts.document_tags = ""; YAHOO.Shortcuts.document_language = "english"; YAHOO.Shortcuts.annotationSet = { "lw_1219414330_0": { "text": "Subversion", "extended": 0, "startchar": 200, "endchar": 209, "start": 200, "end": 209, "extendedFrom": "", "predictedCategory": "", "predictionProbability": "0", "weight": 0.547368, "type": ["shortcuts:/concept"], "category": ["CONCEPT"], "wikiId": "Subversion_%28software%29", "relatedWikiIds": [], "relatedEntities": [], "showOnClick": [], "context": "I am trying to use Hudson to connect to an Subversion repository which is using https and requires a digital certificate", "metaData": { "visible": "true" } } }; </SCRIPT> Hi,   I am trying to use Hudson to connect to an Subversion repository which is using https and requires a digital certificate with password and a username/password combination.   In the Subversion credentials page, Hudson allows to either enter username/password or certificate/password authentication. Is it possible to authenticate using all of these?.   I configured the svn client to store the password and certificate information in the .subversion/servers file, however Hudson does not seem to be using the .subversion configuration in my home directory.   Would it be possible to point Hudson to an SVN configuration or authenticate using the 4 credentials of username/password & certificate/password?   I appreciate your help.   Alex.

Alex Proschitsky wrote:
> Hi,
>  
> I am trying to use Hudson to connect to an Subversion repository which is using
> https and requires a digital certificate with password and a username/password
> combination.
>  
> In the Subversion credentials page, Hudson allows to either enter
> username/password or certificate/password authentication. Is it possible to
> authenticate using all of these?.

Can you elaborate on what authentication scheme you are using? I don't
see how you use both.


> I configured the svn client to store the password and certificate information in
> the .subversion/servers file, however Hudson does not seem to be using the
> .subversion configuration in my home directory.

Hmm, Hudson actually does use this, too, whenever it's available.

> Would it be possible to point Hudson to an SVN configuration or authenticate
> using the 4 credentials of username/password & certificate/password?
>  
> I appreciate your help.
>  
> Alex.
>
>


--
Kohsuke Kawaguchi
Sun Microsystems                   http://weblogs.java.net/blog/kohsuke/

Hi,   We are using an authentication scheme such that a user first connects to a server which requires a digital certificate + password and then a user needs to provide the SVN username and password credentials.   Can I enter all this information in Hudson's SVN "enterCredential" page ?   The second option I am trying to use is storing my certificate and password information in .subversion/servers file. How can I point Hudson to use that file ?   Thanks.   Alex. --- On Fri, 8/22/08, Kohsuke Kawaguchi <[hidden email]> wrote: From: Kohsuke Kawaguchi <[hidden email]> Subject: Re: authenticating with certificates & username/password To: [hidden email] Date: Friday, August 22, 2008, 12:43 PM Alex Proschitsky wrote: > Hi, > > I am trying to use Hudson to connect to an Subversion repository which is using > https and requires a digital certificate with password and a username/password > combination. > > In the Subversion credentials page, Hudson allows to either enter > username/password or certificate/password authentication. Is it possible to > authenticate using all of these?. Can you elaborate on what authentication scheme you are using? I don't see how you use both. > I configured the svn client to store the password and certificate information in > the .subversion/servers file, however Hudson does not seem to be using the > .subversion configuration in my home directory. Hmm, Hudson actually does use this, too, whenever it's available. > Would it be possible to point Hudson to an SVN configuration or authenticate > using the 4 credentials of username/password & certificate/password? > > I appreciate your help. > > Alex. > > -- Kohsuke Kawaguchi Sun Microsystems http://weblogs.java.net/blog/kohsuke/

Alex Proschitsky wrote:
> Hi,
>  
> We are using an authentication scheme such that a user first connects to a
> server which requires a digital certificate + password and then a user needs to
> provide the SVN username and password credentials.

I guess what I'm asking is what is this "connection" is. Is that an SSH
connection that uses public key authentication? Is that HTTPS where the
server requires a client authentication as well? Or is that something else?

To the best of my knowledge, neither of those connection mechanisms in
SVN then let you specify a separate SVN access credential. In the former
case, SVN will take the user name from ssh, and in the latter case,
well, I don't know exactly how that works.

Please give us more concrete information so that we can help you.

--
Kohsuke Kawaguchi
Sun Microsystems                   http://weblogs.java.net/blog/kohsuke/

Hi, We are using an HTTPS authentication scheme where the server requires a client  authentication in addition to supplying the SVN credentials. For example, when I connect to the  server repository using Tortoise SVN or svn command line, it first prompts for the certificate and password, and then for the SVN username and password. I stored the certificate filename+password in the .subversion/servers file and then cashed the password so now when I run commands like "svn update", it does not prompt for any authentication  information. Thanks for your help. Alex. --- On Mon, 8/25/08, Kohsuke Kawaguchi <[hidden email]> wrote: From: Kohsuke Kawaguchi <[hidden email]> Subject: Re: authenticating with certificates & username/password To: [hidden email] Date: Monday, August 25, 2008, 3:40 PM Alex Proschitsky wrote: > Hi, > > We are using an authentication scheme such that a user first connects to a > server which requires a digital certificate + password and then a user needs to > provide the SVN username and password credentials. I guess what I'm asking is what is this "connection" is. Is that an SSH connection that uses public key authentication? Is that HTTPS where the server requires a client authentication as well? Or is that something else? To the best of my knowledge, neither of those connection mechanisms in SVN then let you specify a separate SVN access credential. In the former case, SVN will take the user name from ssh, and in the latter case, well, I don't know exactly how that works. Please give us more concrete information so that we can help you. > Can I enter all this information in Hudson's SVN "enterCredential" page ? > > The second option I am trying to use is storing my certificate and password > information in > .subversion/servers file. How can I point Hudson to use that file ? > > Thanks. > > Alex. > > --- On *Fri, 8/22/08, Kohsuke Kawaguchi /<[hidden email]>/* wrote: > > From: Kohsuke Kawaguchi <[hidden email]> > Subject: Re: authenticating with certificates & username/password > To: [hidden email] > Date: Friday, August 22, 2008, 12:43 PM > > Alex Proschitsky wrote: > > Hi, > > > > I am trying to use Hudson to connect to an Subversion repository which is > using > > https and requires a digital certificate with password and a > username/password > > combination. > > > > In the Subversion credentials page, Hudson allows to either enter > > username/password or certificate/password authentication. Is it possible > to > > authenticate using all of these?. > > Can you elaborate on what authentication scheme you are using? I don't > see how you use both. > > > > I configured the svn client to store the password and certificate > information in > > the .subversion/servers file, however Hudson does not seem to be using the > > > .subversion configuration in my home directory. > > Hmm, Hudson actually does use this, too, whenever it's available. > > > Would it be possible to point Hudson to an SVN configuration or > authenticate > > using the 4 credentials of username/password & certificate/password? > > > > I appreciate your help. > > > > Alex. > > > > > > > -- > Kohsuke Kawaguchi > Sun Microsystems http://weblogs.java.net/blog/kohsuke/ > > -- Kohsuke Kawaguchi Sun Microsystems http://weblogs.java.net/blog/kohsuke/

Does anyone use such an HTTPS configuration with certificates ? Is it possible to point Hudson to use .subversion/servers configuration? Perhaps there are some Hudson configuration files I can edit in order to enter all the credentials ? Thanks. Alex. --- On Mon, 8/25/08, Alex Proschitsky <[hidden email]> wrote: From: Alex Proschitsky <[hidden email]> Subject: Re: authenticating with certificates & username/password To: [hidden email] Date: Monday, August 25, 2008, 4:55 PM Hi, We are using an HTTPS authentication scheme where the server requires a client  authentication in addition to supplying the SVN credentials. For example, when I connect to the  server repository using Tortoise SVN or svn command line, it first prompts for the certificate and password, and then for the SVN username and password. I stored the certificate filename+password in the .subversion/servers file and then cashed the password so now when I run commands like "svn update", it does not prompt for any authentication  information. Thanks for your help. Alex. --- On Mon, 8/25/08, Kohsuke Kawaguchi <[hidden email]> wrote: From: Kohsuke Kawaguchi <[hidden email]> Subject: Re: authenticating with certificates & username/password To: [hidden email] Date: Monday, August 25, 2008, 3:40 PM Alex Proschitsky wrote: > Hi, > > We are using an authentication scheme such that a user first connects to a > server which requires a digital certificate + password and then a user needs to > provide the SVN username and password credentials. I guess what I'm asking is what is this "connection" is. Is that an SSH connection that uses public key authentication? Is that HTTPS where the server requires a client authentication as well? Or is that something else? To the best of my knowledge, neither of those connection mechanisms in SVN then let you specify a separate SVN access credential. In the former case, SVN will take the user name from ssh, and in the latter case, well, I don't know exactly how that works. Please give us more concrete information so that we can help you. > Can I enter all this information in Hudson's SVN "enterCredential" page ? > > The second option I am trying to use is storing my certificate and password > information in > .subversion/servers file. How can I point Hudson to use that file ? > > Thanks. > > Alex. > > --- On *Fri, 8/22/08, Kohsuke Kawaguchi /<[hidden email]>/* wrote: > > From: Kohsuke Kawaguchi <[hidden email]> > Subject: Re: authenticating with certificates & username/password > To: [hidden email] > Date: Friday, August 22, 2008, 12:43 PM > > Alex Proschitsky wrote: > > Hi, > > > > I am trying to use Hudson to connect to an Subversion repository which is > using > > https and requires a digital certificate with password and a > username/password > > combination. > > > > In the Subversion credentials page, Hudson allows to either enter > > username/password or certificate/password authentication. Is it possible > to > > authenticate using all of these?. > > Can you elaborate on what authentication scheme you are using? I don't > see how you use both. > > > > I configured the svn client to store the password and certificate > information in > > the .subversion/servers file, however Hudson does not seem to be using the > > > .subversion configuration in my home directory. > > Hmm, Hudson actually does use this, too, whenever it's available. > > > Would it be possible to point Hudson to an SVN configuration or > authenticate > > using the 4 credentials of username/password & certificate/password? > > > > I appreciate your help. > > > > Alex. > > > > > > > -- > Kohsuke Kawaguchi > Sun Microsystems http://weblogs.java.net/blog/kohsuke/ > > -- Kohsuke Kawaguchi Sun Microsystems http://weblogs.java.net/blog/kohsuke/

Has this been resolved? Sorry to bring up such an old post but I have the same problem.

The scenario is as follows:

1. SSL is configured on our apache server to require a client certificate - right at the front so you can't access any of the content if you don't have the client certificate.
2. The svn server is thus sitting behind the apache server - we thus use https to reach our svn server.
3. The svn server then has its own username/password resolution facilities, this is to do thing like permissions on svn folders etc.

I can't get Jenkins to checkout my code.

When I select the username/password option I get the following exception

<wrapping exceptions removed>

Caused by: java.lang.NullPointerException
        at org.apache.commons.io.FileUtils.openInputStream(FileUtils.java:129)
        at org.apache.commons.io.FileUtils.readFileToByteArray(FileUtils.java:1135)
        at hudson.scm.SubversionSCM$DescriptorImpl$SslClientCertificateCredential.<init>(SubversionSCM.java:1494)
        at hudson.scm.UserProvidedCredential$AuthenticationManagerImpl.getFirstAuthentication(UserProvidedCredential.java:205)
        at org.tmatesoft.svn.core.internal.io.dav.http.HTTPSSLKeyManager.initialize(HTTPSSLKeyManager.java:319)
        at org.tmatesoft.svn.core.internal.io.dav.http.HTTPSSLKeyManager.initializeNoException(HTTPSSLKeyManager.java:301)
        at org.tmatesoft.svn.core.internal.io.dav.http.HTTPSSLKeyManager.chooseClientAlias(HTTPSSLKeyManager.java:196)
        at sun.security.ssl.AbstractWrapper.chooseClientAlias(SSLContextImpl.java:282)
        at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:629)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:228)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:610)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:546)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:913)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1158)
        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:652)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:78)
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
        at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.sendData(HTTPConnection.java:229)
        at org.tmatesoft.svn.core.internal.io.dav.http.HTTPRequest.dispatch(HTTPRequest.java:166)
        at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection._request(HTTPConnection.java:364)
        ... 59 more

Almost as if it is looking for a client certificate file but as one isn't set, it cannot find one.

Then if I try the other option - client certificate I get:

Attempting an SSL client certificate authentcation
Passing user name null and password you entered
Failed to authenticate: org.tmatesoft.svn.core.SVNErrorMessage: svn: OPTIONS of /OldMutual/sandbox/trunk/maven/parent: 401 Authorization Required (https://svn.afrozaar.com)

So it looks like it is getting passed the https level but being locked out by the svn authentication.

The interesting thing about this scenario is that the log says "Passing username null and password you entered" - almost as if if the password was set, it would work.

The .subversion config is configured correctly - so I'm not sure if it is reading this.

This issue (JENKINS-3912) is currently stalling our development effort, too. I'm trying a variety of things to work around the issue. The frustrating thing is that jsvn from the command line works, so the SVN plugin is taking this functioning library and breaking it somehow.

On Wednesday, July 13, 2011 5:40:50 AM UTC-7, michaelw wrote:

Has this been resolved? Sorry to bring up such an old post but I have the
same problem.

The scenario is as follows:

1. SSL is configured on our apache server to require a client certificate -
right at the front so you can't access any of the content if you don't have
the client certificate.
2. The svn server is thus sitting behind the apache server - we thus use
https to reach our svn server.
3. The svn server then has its own username/password resolution facilities,
this is to do thing like permissions on svn folders etc.

I can't get Jenkins to checkout my code.

When I select the username/password option I get the following exception

<wrapping exceptions removed>

Caused by: java.lang.NullPointerException
        at org.apache.commons.io.FileUtils.openInputStream(FileUtils.java:129)
        at org.apache.commons.io.FileUtils.readFileToByteArray(FileUtils.java:1135)
        at
hudson.scm.SubversionSCM$DescriptorImpl$SslClientCertificateCredential.<init>(SubversionSCM.java:1494)
        at
hudson.scm.UserProvidedCredential$AuthenticationManagerImpl.getFirstAuthentication(UserProvidedCredential.java:205)
        at
org.tmatesoft.svn.core.internal.io.dav.http.HTTPSSLKeyManager.initialize(HTTPSSLKeyManager.java:319)
        at
org.tmatesoft.svn.core.internal.io.dav.http.HTTPSSLKeyManager.initializeNoException(HTTPSSLKeyManager.java:301)
        at
org.tmatesoft.svn.core.internal.io.dav.http.HTTPSSLKeyManager.chooseClientAlias(HTTPSSLKeyManager.java:196)
        at
sun.security.ssl.AbstractWrapper.chooseClientAlias(SSLContextImpl.java:282)
        at
sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:629)
        at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:228)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:610)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:546)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:913)
        at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1158)
        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:652)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:78)
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
        at
org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.sendData(HTTPConnection.java:229)
        at
org.tmatesoft.svn.core.internal.io.dav.http.HTTPRequest.dispatch(HTTPRequest.java:166)
        at
org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection._request(HTTPConnection.java:364)
        ... 59 more

Almost as if it is looking for a client certificate file but as one isn't
set, it cannot find one.

Then if I try the other option - client certificate I get:

Attempting an SSL client certificate authentcation
Passing user name null and password you entered
Failed to authenticate: org.tmatesoft.svn.core.SVNErrorMessage: svn: OPTIONS
of /OldMutual/sandbox/trunk/maven/parent: 401 Authorization Required
(https://svn.afrozaar.com)

So it looks like it is getting passed the https level but being locked out
by the svn authentication.

The interesting thing about this scenario is that the log says "Passing
username null and password you entered" - almost as if if the password was
set, it would work.

The .subversion config is configured correctly - so I'm not sure if it is
reading this.

--
View this message in context: http://jenkins.361315.n4.nabble.com/authenticating-with-certificates-username-password-tp373150p3664923.html
Sent from the Jenkins users mailing list archive at Nabble.com.

I did it!

I looked at the files hudson.scm.SubversionSCM.xml and jobs/<jobname>/subversion.credentials. Both of them had, from a previous repository, an entry that looked like:

    <entry>
      <string>&lt;https://www.example.com/&gt;</string>
      <hudson.scm.SubversionSCM_-DescriptorImpl_-PasswordCredential>
        <userName>username</userName>
        <password>YmFzZTY0LWVuY29kZWQgcGFzc3dvcmQ=</password>
      </hudson.scm.SubversionSCM_-DescriptorImpl_-PasswordCredential>
    </entry>

and an entry that looked like:

    <entry>
      <string>&lt;https://www.example.com/&gt; Subversion Repositories</string>
      <hudson.scm.SubversionSCM_-DescriptorImpl_-PasswordCredential>
        <userName>username</userName>
        <password>YmFzZTY0LWVuY29kZWQgcGFzc3dvcmQ=</password>
      </hudson.scm.SubversionSCM_-DescriptorImpl_-PasswordCredential>
    </entry>

so I gathered the former was for the server and the latter was for the basic realm. Even that wasn't true, this got me to realize that SVNKit would be forced to distinguish between the two: the realm isn't available until after the security has been negotiated, so if SVNKit is going to supply a password, it can only use the hostname. Then once the secure connection has been established, it will try to look up credentials in this map using the host and realm name. So I ginned up two entries: one with the certificate authentication and only the hostname, and another with password authentication and the host and realm names, just like above (only using certificate authentication for the first example). So far, crossing my fingers and toes, this seems to work!

On Wednesday, May 2, 2012 10:41:14 AM UTC-7, Dustin Parker wrote:

This issue (JENKINS-3912) is currently stalling our development effort, too. I'm trying a variety of things to work around the issue. The frustrating thing is that jsvn from the command line works, so the SVN plugin is taking this functioning library and breaking it somehow.

On Wednesday, July 13, 2011 5:40:50 AM UTC-7, michaelw wrote:

Has this been resolved? Sorry to bring up such an old post but I have the
same problem.

The scenario is as follows:

1. SSL is configured on our apache server to require a client certificate -
right at the front so you can't access any of the content if you don't have
the client certificate.
2. The svn server is thus sitting behind the apache server - we thus use
https to reach our svn server.
3. The svn server then has its own username/password resolution facilities,
this is to do thing like permissions on svn folders etc.

I can't get Jenkins to checkout my code.

When I select the username/password option I get the following exception

<wrapping exceptions removed>

Caused by: java.lang.NullPointerException
        at org.apache.commons.io.FileUtils.openInputStream(FileUtils.java:129)
        at org.apache.commons.io.FileUtils.readFileToByteArray(FileUtils.java:1135)
        at
hudson.scm.SubversionSCM$DescriptorImpl$SslClientCertificateCredential.<init>(SubversionSCM.java:1494)
        at
hudson.scm.UserProvidedCredential$AuthenticationManagerImpl.getFirstAuthentication(UserProvidedCredential.java:205)
        at
org.tmatesoft.svn.core.internal.io.dav.http.HTTPSSLKeyManager.initialize(HTTPSSLKeyManager.java:319)
        at
org.tmatesoft.svn.core.internal.io.dav.http.HTTPSSLKeyManager.initializeNoException(HTTPSSLKeyManager.java:301)
        at
org.tmatesoft.svn.core.internal.io.dav.http.HTTPSSLKeyManager.chooseClientAlias(HTTPSSLKeyManager.java:196)
        at
sun.security.ssl.AbstractWrapper.chooseClientAlias(SSLContextImpl.java:282)
        at
sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:629)
        at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:228)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:610)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:546)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:913)
        at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1158)
        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:652)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:78)
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
        at
org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.sendData(HTTPConnection.java:229)
        at
org.tmatesoft.svn.core.internal.io.dav.http.HTTPRequest.dispatch(HTTPRequest.java:166)
        at
org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection._request(HTTPConnection.java:364)
        ... 59 more

Almost as if it is looking for a client certificate file but as one isn't
set, it cannot find one.

Then if I try the other option - client certificate I get:

Attempting an SSL client certificate authentcation
Passing user name null and password you entered
Failed to authenticate: org.tmatesoft.svn.core.SVNErrorMessage: svn: OPTIONS
of /OldMutual/sandbox/trunk/maven/parent: 401 Authorization Required
(https://svn.afrozaar.com)

So it looks like it is getting passed the https level but being locked out
by the svn authentication.

The interesting thing about this scenario is that the log says "Passing
username null and password you entered" - almost as if if the password was
set, it would work.

The .subversion config is configured correctly - so I'm not sure if it is
reading this.

--
View this message in context: http://jenkins.361315.n4.nabble.com/authenticating-with-certificates-username-password-tp373150p3664923.html
Sent from the Jenkins users mailing list archive at Nabble.com.

I'm running into the same issue.  Could you show an example of your final configuration file?  I'm using something very similiar to what is below, and it's not working.

The <string> element for the username/password entry must contain the hostname and the name of the basic authentication realm separated by a single space. One way to find this is to use curl:

$ curl -vk https://www.example.com/svn/repo
...
< HTTP/1.1 401 Authorization Required
< Date: Mon, 11 Jun 2012 16:58:23 GMT
< Server: Apache/2.0.54 (Win32) DAV/2 mod_ssl/2.0.54 OpenSSL/0.9.8g SVN/1.4.6 mod_wsgi/3.1 Python/2.6.5 mod_jk/1.2.31 mod_auth_sspi/1.0.1
< WWW-Authenticate: NTLM
< WWW-Authenticate: Basic realm="Subversion repositories"
< Content-Length: 596
< Content-Type: text/html; charset=iso-8859-1
...

Another way is to just get Firefox to prompt you for credentials for the site; the realm name should be in the dialog.


On Friday, June 8, 2012 1:49:07 PM UTC-7, Ryan wrote:

I'm running into the same issue.  Could you show an example of your final configuration file?  I'm using something very similiar to what is below, and it's not working.

/var/lib/jenkins/hudson.scm.SubversionSCM.xml

/var/lib/jenkins/jobs/<jobname>/subversion.credentials

Both of the aforementioned files contain the following:

<entry>
      <string>&lt;https://www.example.com/&gt;</string>
      <hudson.scm.SubversionSCM_-DescriptorImpl_-SslClientCertificateCredential>
        <certificate>cert is pasted in here</certificate>

        <userName>username</userName>
        <password>YmFzZTY0LWVuY29kZWQgcGFzc3dvcmQ=</password>
      </hudson.scm.SubversionSCM_-DescriptorImpl_- SslClientCertificateCredential>
    </entry> 

<entry>
      <string>&lt;https://www.example.com/&gt;</string>
      <hudson.scm.SubversionSCM_-DescriptorImpl_-PasswordCredential>
        <userName>username</userName>
        <password>YmFzZTY0LWVuY29kZWQgcGFzc3dvcmQ=</password>
      </hudson.scm.SubversionSCM_-DescriptorImpl_-PasswordCredential>
    </entry> 

and I get an SVNCancelException

On Wednesday, May 2, 2012 2:34:18 PM UTC-4, Dustin Parker wrote:

I did it!

I looked at the files hudson.scm.SubversionSCM.xml and jobs/<jobname>/subversion.credentials. Both of them had, from a previous repository, an entry that looked like:

    <entry>
      <string>&lt;https://www.example.com/&gt;</string>
      <hudson.scm.SubversionSCM_-DescriptorImpl_-PasswordCredential>
        <userName>username</userName>
        <password>YmFzZTY0LWVuY29kZWQgcGFzc3dvcmQ=</password>
      </hudson.scm.SubversionSCM_-DescriptorImpl_-PasswordCredential>
    </entry>

and an entry that looked like:

    <entry>
      <string>&lt;https://www.example.com/&gt; Subversion Repositories</string>
      <hudson.scm.SubversionSCM_-DescriptorImpl_-PasswordCredential>
        <userName>username</userName>
        <password>YmFzZTY0LWVuY29kZWQgcGFzc3dvcmQ=</password>
      </hudson.scm.SubversionSCM_-DescriptorImpl_-PasswordCredential>
    </entry>

so I gathered the former was for the server and the latter was for the basic realm. Even that wasn't true, this got me to realize that SVNKit would be forced to distinguish between the two: the realm isn't available until after the security has been negotiated, so if SVNKit is going to supply a password, it can only use the hostname. Then once the secure connection has been established, it will try to look up credentials in this map using the host and realm name. So I ginned up two entries: one with the certificate authentication and only the hostname, and another with password authentication and the host and realm names, just like above (only using certificate authentication for the first example). So far, crossing my fingers and toes, this seems to work!

On Wednesday, May 2, 2012 10:41:14 AM UTC-7, Dustin Parker wrote:

This issue (JENKINS-3912) is currently stalling our development effort, too. I'm trying a variety of things to work around the issue. The frustrating thing is that jsvn from the command line works, so the SVN plugin is taking this functioning library and breaking it somehow.

On Wednesday, July 13, 2011 5:40:50 AM UTC-7, michaelw wrote:

Has this been resolved? Sorry to bring up such an old post but I have the
same problem.

The scenario is as follows:

1. SSL is configured on our apache server to require a client certificate -
right at the front so you can't access any of the content if you don't have
the client certificate.
2. The svn server is thus sitting behind the apache server - we thus use
https to reach our svn server.
3. The svn server then has its own username/password resolution facilities,
this is to do thing like permissions on svn folders etc.

I can't get Jenkins to checkout my code.

When I select the username/password option I get the following exception

<wrapping exceptions removed>

Caused by: java.lang.NullPointerException
        at org.apache.commons.io.FileUtils.openInputStream(FileUtils.java:129)
        at org.apache.commons.io.FileUtils.readFileToByteArray(FileUtils.java:1135)
        at
hudson.scm.SubversionSCM$DescriptorImpl$SslClientCertificateCredential.<init>(SubversionSCM.java:1494)
        at
hudson.scm.UserProvidedCredential$AuthenticationManagerImpl.getFirstAuthentication(UserProvidedCredential.java:205)
        at
org.tmatesoft.svn.core.internal.io.dav.http.HTTPSSLKeyManager.initialize(HTTPSSLKeyManager.java:319)
        at
org.tmatesoft.svn.core.internal.io.dav.http.HTTPSSLKeyManager.initializeNoException(HTTPSSLKeyManager.java:301)
        at
org.tmatesoft.svn.core.internal.io.dav.http.HTTPSSLKeyManager.chooseClientAlias(HTTPSSLKeyManager.java:196)
        at
sun.security.ssl.AbstractWrapper.chooseClientAlias(SSLContextImpl.java:282)
        at
sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:629)
        at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:228)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:610)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:546)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:913)
        at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1158)
        at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:652)
        at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:78)
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
        at
org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.sendData(HTTPConnection.java:229)
        at
org.tmatesoft.svn.core.internal.io.dav.http.HTTPRequest.dispatch(HTTPRequest.java:166)
        at
org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection._request(HTTPConnection.java:364)
        ... 59 more

Almost as if it is looking for a client certificate file but as one isn't
set, it cannot find one.

Then if I try the other option - client certificate I get:

Attempting an SSL client certificate authentcation
Passing user name null and password you entered
Failed to authenticate: org.tmatesoft.svn.core.SVNErrorMessage: svn: OPTIONS
of /OldMutual/sandbox/trunk/maven/parent: 401 Authorization Required
(https://svn.afrozaar.com)

So it looks like it is getting passed the https level but being locked out
by the svn authentication.

The interesting thing about this scenario is that the log says "Passing
username null and password you entered" - almost as if if the password was
set, it would work.

The .subversion config is configured correctly - so I'm not sure if it is
reading this.

--
View this message in context: http://jenkins.361315.n4.nabble.com/authenticating-with-certificates-username-password-tp373150p3664923.html
Sent from the Jenkins users mailing list archive at Nabble.com.