Authentication Failure with NTLM Subversion Authentication

Still need help?

The Atlassian Community is here for you.

Ask the community

Symptoms

Bamboo's Subversion Java client SVNKit does not work well with NTLM based Authentication.

This can be seen in the log files:

INFO [pool-17-thread-1] [DefaultErrorHandler] Recording error: Unable to detect changes : SLAPI-SLAPI2000
com.atlassian.bamboo.repository.RepositoryException: Build 'SLAPI-SLAPI2000' failed to check SVN repository
at com.atlassian.bamboo.repository.svn.SvnRepository.collectChangesSinceLastBuild(SvnRepository.java:219)
...
Caused by: org.tmatesoft.svn.core.SVNAuthenticationException: svn: Authentication required for '<[http://subversion:80]> (null)'
at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.authenticationFailed(SVNErrorManager.java:47)
at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.authenticationFailed(SVNErrorManager.java:41)
at org.tmatesoft.svn.core.internal.wc.DefaultSVNAuthenticationManager.getNextAuthentication(DefaultSVNAuthenticationManager.java:202)

If the repository server only offers NTLM authentication, then SVNKit cannot connect reliably.

Cause

The SVNKit Java client does not handle NTLM authentication. It relies on Basic Authentication.

Resolution

  • Configure repository server to offer both Basic and NTLM authentication (Apache httpd only).
    Use Apache mod_auth_sspi module on the server side, and add the following option to the Subversion repository location:

    SSPIOfferBasic On
    
  • Force Bamboo to prefer Basic Authentication
    Force Bamboo/SVNKit to prefer basic authentication by adding -Dsvnkit.http.methods=Basic,Digest,Negotiate,NTLM to the Java options when starting bamboo.

 

Last modified on Jun 27, 2013

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.