"Authentication not supported": jgit error when trying to clone tfs hosted git repo

Question

When I try to clone a tfs hosted git repo http://tfstta.com:8080/tfs/DefaultCollection/_git/SampleTFSGit from my linux machine, I face the Authentication not supported error:

org.eclipse.jgit.api.errors.TransportException: http://:@tfstta.int.thomson.com:8080/tfs/DefaultCollection/_git/SampleTFSGit.git: authentication not supported*

Enabling basic authentication/alternate credentials does not seem to be an option.

Could someone please tell me a work around for this? I would be very grateful!

I send the url, id, password and some other parameters to a linux script which internally calls the 'git clone ' command. While this works absolutely fine for github hosted repos , tfs-hosted git repos give me this error — pavithra raghavan, Aug 10 '16 at 09:11

score 9 · Answer 1 · answered Oct 29 '19 at 09:07

9

Goto Eclipse Menu

Window -> Preferences -> Team -> Git -> right side panel update time to 3000. `Connection timeout (seconds): 3000. Click on Apply and Close button. Clone again it will solve your problem.

answered Oct 29 '19 at 09:07

UdayKiran Pulipati

6,579
7
67
92

score 2 · Answer 2 · edited Jun 19 '18 at 01:30

This issue happens because JGit doesn't fully support NTLM, and instead of falling back to Basic auth or something else, it will stop right there.

Usually TFS answers failed authentication with multiple WWW-Authenticate headers. What happens here is that there is a bug in JGit's org.eclipse.jgit.transport.http.apache.HttpClientConnection, that will take into consideration only the last of the WWW-Authenticate headers, making it give up before even trying other connection types.

What I suggest is use your own implementation of org.eclipse.jgit.transport.http.HttpConnection, implementing like this:

@Override
public Map<String, List<String>> getHeaderFields() {
    Map<String, List<String>> ret = new HashMap<>();
    for (Header hdr : resp.getAllHeaders()) {
        List<String> list;
        if(ret.containsKey(hdr.getName())) list = ret.get(hdr.getName());
        else { list = new LinkedList<>(); ret.put(hdr.getName(), list); }
        for (HeaderElement hdrElem : hdr.getElements())
            list.add(hdrElem.toString());
    }
    return ret;
}

Or if you are lazy (like me), you can just switch to org.eclipse.jgit.transport.http.JDKHttpConnection and be happy because it uses native Java connection underneath, that works correctly.

If you are trying to use Spring Cloud Config Server with a TFS Git Repository, my choice is just to implement your own ConfigurableHttpConnectionFactory

/**
 * This will use native Java connections, instead of crappy ecplise implementation.
 * There will be no management of implementation though. I cannot assure
 */
public class SpringJDKConnectionFactory extends JDKHttpConnectionFactory implements ConfigurableHttpConnectionFactory {
    @Override
    public void addConfiguration(MultipleJGitEnvironmentProperties environmentProperties) {
    }
}

And have a configuration loading over the Spring's default:

@Configuration
public class JGitConnectionFactoryConfiguration {
    @Bean
    @Primary
    public ConfigurableHttpConnectionFactory configurableHttpConnectionFactory() {
        return new SpringJDKConnectionFactory();
    }
}

But beware, TFS will probably not like Basic auth with direct passwords. So create a "Personal Access Token" in TFS, and use that as a password instead.

Simple sample code:

public static void main(String[] args) throws GitAPIException, IOException {
    CloneCommand cmd;
    String url = "http://tfs-url.com/Git-Repo";
    File file = new File("build/git_test");
    if(file.exists())
        FileUtils.delete(file,FileUtils.RECURSIVE);
    cmd = new CloneCommand();
    cmd.setDirectory(file);
    cmd.setURI(url);
    //#use Personal access tokens as basic auth only accepts these
    cmd.setCredentialsProvider(new UsernamePasswordCredentialsProvider("UserAccount","personalaccesstoken"));
    ConfigurableHttpConnectionFactory cf = new SpringJDKConnectionFactory();
    HttpTransport.setConnectionFactory(cf);
    Git git = cmd.call();
}

Note that in order for spring to bootstrap this configuration you need to add `/resources/META-INF/spring.factories` with content: `org.springframework.cloud.bootstrap.BootstrapConfiguration=... JGitConnectionFactoryConfiguration` As documented in section 7.8.2 of https://cloud.spring.io/spring-cloud-static/spring-cloud-config/2.1.0.RELEASE/multi/multi__spring_cloud_config_client.html — prule, May 24 '19 at 00:12
Gabriel, thanks for posting this. Do you know if the issue you outlined (JGit implementation) can cause this exception to occur sporadically with the same components making similar requests with the same authentication type and credentials? From your description, it seems this describes resolution to a problem that happens every time, but I wasn't sure. (I am analyzing a problem with my spring cloud config server logging this error, but only very infrequently. I am hoping what you describe might be the culprit for such a scenario.) — Marnee, Jan 15 '20 at 23:30
For us, it happened everytime. I don't see a case where this would happen sporadically... for that to happen in the use case I described, TFS would send different order of WWW-Authenticate headers at some point. I don't believe that could happen, but hey... I wouldn't know. — gabriel, Feb 10 '20 at 06:17

score 1 · Answer 3 · answered Aug 08 '16 at 13:20

You might want to try https://www.visualstudio.com/en-us/products/team-explorer-everywhere-vs.aspx since it is Microsoft's cross-platform TFS command-line. The code is posted on GitHub if you want to try and patch the authentication helpers back to jGit.

score 0 · Answer 4 · answered Aug 17 '16 at 03:25

I would recommend you to upgrade your TFS server to the latest Update 3 and then use SSH Authentication for Git Repository.

SSH Support for Git Repos

With TFS 2015 Update 3, you can now connect to any Team Foundation Server Git repo using an SSH key. This is very helpful if you develop on Linux or Mac. Just upload your personal SSH key and you're ready to go.

score 0 · Answer 5 · answered Jun 28 '17 at 13:01

0

I have faced this issue with a new pc (configured by someone else). Fixed error with reinstalling JDK and running eclipse with it.

answered Jun 28 '17 at 13:01

mcadirci

186
1
2
12

score 0 · Answer 6 · answered May 21 '22 at 23:36

I used a bad approach but for initial work, it's fine for me.

In my case, I switched Project visibility on gitlab from private to public. Go to Gitab -> <your project> -> Settings -> General -> Visibility, project features, permissions -> switch to Public In application.properties I added only spring.cloud.config.server.git.uri without authentication properties and also at the end of the gitlab uri added .git

http://gitlab.com/<your-repo-name>.git

I don't recommend this approach for people who work tasks for the company.

score -1 · Answer 7 · answered Aug 08 '16 at 09:45

When you use command below, you'll be prompted to enter the username and password.

git-clone http://:@tfstta.int.thomson.com:8080/tfs/DefaultCollection/_git/SampleTFSGit

In my test, when send the command, you'll be prompted a Windows Security. It's not needed to use basic authentication/alternate credentials, simply type domaine\username and the password will connect to TFS.

"Authentication not supported": jgit error when trying to clone tfs hosted git repo

7 Answers7

Linked