Re: Add modern authentication (OAuth 2.0 + OIDC) to TortoiseSVN

2024-04-10 Thread Jon Martin via TortoiseSVN-dev


It seems instead of (OAuth 2.0 + OIDC) I should be saying (OpenID Connect), 
as "OpenID Connect (OIDC) is an open authentication protocol that works on 
top of the OAuth 2.0 framework." 

In my case OpenID Connect (OIDC) is implemented by the middle man (Azure 
Application Proxy) not the SVN server.  However I can see the need during 
development to authenticate to OIDC on the SVN server.  It looks like the 
SVN server side is already taken care of by this Apache OIDC (OpenID 
Connect) add on: 

OpenID Certified™ OpenID Connect Relying Party implementation for Apache 
HTTP Server 2.x
https://github.com/OpenIDC/mod_auth_openidc

Once TSVN can authenticate via any OpenID Connect, it should work with all.
--Jon
On Wednesday, March 20, 2024 at 12:28:13 AM UTC-7 daniel.l...@gmail.com 
wrote:

> From what I understand, OAuth2 requires both server- and clientside 
> support. So any solution would need to involve both TortoiseSVN and the 
> Subversion project (or VisualSVN). I think it is a great idea but I think 
> some additional development resources would be required to make this 
> happen. Any chance that you (or your company) can get involved in making 
> this happen?
>
> Kind regards,
> Daniel
>
>
> On Wednesday, 20 March 2024 at 08:11:28 UTC+1, j...@parabilis-space.com wrote:
>
> We have run into a problem trying to implement SVN on our secure cloud 
> platform.  Is it possible to pay someone to add modern authentication to 
> TortoiseSVN?
>
>  Specifically we wish to use TortoiseSVN client to access VisualSVN Server 
> via Microsoft Azure Application Proxy.  This requires TSVN to be conversant 
> in "OAuth 2.0 with OpenID Connect (OIDC)".  See 
> https://auth0.com/docs/authenticate/protocols/openid-connect-protocol
>
> You can see the error we get by using TortoiseSVN to open this test 
> repository https://visualsvn.parabilis-space.com/svn/test/ 
> Error: Repository moved temporarily to ...Oath2/authorize...
>
> Thank You,
>
> --Jon
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"TortoiseSVN-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to tortoisesvn-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/tortoisesvn-dev/5d07c8f2-c2a8-4cfb-b8df-502b87f66ca0n%40googlegroups.com.


Re: Add modern authentication (OAuth 2.0 + OIDC) to TortoiseSVN

2024-04-10 Thread Jon Martin via TortoiseSVN-dev
Thomas Å. While we wait on TortoiseSVN improvements, what is the "application
that performs the OpenIDC authentication" you use on the TortoiseSVN side?
Thanks, --Jon

On Friday, March 29, 2024 at 2:02:33 AM UTC-7 Thomas Åkesson wrote:

> Hi Jon and Daniel,
>
> Sorry about the late response. 
>
> We are running TSVN with OpenIDC authenticating with Entra ID (Azure AD), 
> not through the Microsoft Azure Application Proxy though.
>
> Server-side, we have Apache httpd as usual but we add the open-source 
> mod_openidc module (instead of basic auth). In addition, some rewrites and 
> other config that allows us to tunnel the session token in basic auth 
> (which TSVN supports). 
>
> We currently have an installed application that performs the OpenIDC 
> authentication and then inserts the session token in the svn auth cache as 
> a basic authentication. In order to achieve a cleaner implementation that 
> can also work with Microsoft Azure Application Proxy the session token must 
> be sent as a cookie.
>
> We would be interested in contributing experience, specifications and 
> server setups if we can get the following stars aligned:
>  - Financial / developer contributions 
>  - Subversion core committer interest 
>  - TSVN committer interest
>
>  
> We also need to reach consensus in primarily the Subversion project but
> there is a relatively limited amount of changes that must happen there.
>  - Sending cookie header with session token instead of basic auth. 
>  - Capture set-cookie response headers related to refresh of the session 
> cookie.
>  - "svn auth" support for storing session token, very similar to basic 
> auth (cookie name and the token). 
>  - maybe something related to handling redirect to ensure that TSVN can 
> act on that
>
> When that is in place, I believe it would be possible to have a standalone 
> helper application that performs the authentication and stores it using the 
> "svn auth" subcommand (or equivalent). Alternatively add this support in 
> TSVN which would be the ideal UX.
>
> Best regards,
> Thomas Å.
>
>
> On 20 Mar 2024, at 08:28, Daniel Sahlberg via TortoiseSVN-dev <
> tortois...@googlegroups.com> wrote:
>
> From what I understand, OAuth2 requires both server- and clientside 
> support. So any solution would need to involve both TortoiseSVN and the 
> Subversion project (or VisualSVN). I think it is a great idea but I think 
> some additional development resources would be required to make this 
> happen. Any chance that you (or your company) can get involved in making 
> this happen?
>
> Kind regards,
> Daniel
>
> On Wednesday, 20 March 2024 at 08:11:28 UTC+1, j...@parabilis-space.com wrote:
>
> We have run into a problem trying to implement SVN on our secure cloud 
> platform.  Is it possible to pay someone to add modern authentication to 
> TortoiseSVN?
>
>  Specifically we wish to use TortoiseSVN client to access VisualSVN Server 
> via Microsoft Azure Application Proxy.  This requires TSVN to be conversant 
> in "OAuth 2.0 with OpenID Connect (OIDC)".  See 
> https://auth0.com/docs/authenticate/protocols/openid-connect-protocol
>
> You can see the error we get by using TortoiseSVN to open this test 
> repository https://visualsvn.parabilis-space.com/svn/test/ 
> Error: Repository moved temporarily to ...Oath2/authorize...
>
> Thank You,
>
> --Jon
>
>



Re: Add modern authentication (OAuth 2.0 + OIDC) to TortoiseSVN

2024-04-04 Thread TortoiseSVN-dev on behalf of Pavel Lyalyakin
Hello,

If you're looking to use Azure Application Proxy to authenticate to
VisualSVN Server with Azure AD credentials, there is another option you
might find helpful: *Microsoft Entra Kerberos* authentication. This option
doesn't depend on Azure Application Proxy.

This method should allow Azure AD (Entra ID) users to automatically
authenticate with VisualSVN Server using a Kerberos Ticket-Granting Ticket
(TGT) they get during logon.

Here's a video that explains how to set it up:

Intune Training - S04E03 - Configuring Hybrid Cloud Trust - (I.T)


And here are some MS documentation links for more details:

   - Enable Microsoft Entra Kerberos authentication for hybrid identities
   on Azure Files
   - Enable passwordless security key sign-in to on-premises resources by
   using Microsoft Entra ID
   - How SSO to on-premises resources works on Microsoft Entra joined
   devices

AFAIK, this Entra Kerberos technology is still quite new. Right now, it
only works for hybrid identities (synchronized with Microsoft Entra Cloud
Sync), although support for cloud-only identities seems to be on the roadmap.

Hope this helps!

On Wed, 20 Mar 2024 at 10:11, Jon Martin via TortoiseSVN-dev <
tortoisesvn-dev@googlegroups.com> wrote:

> We have run into a problem trying to implement SVN on our secure cloud
> platform.  Is it possible to pay someone to add modern authentication to
> TortoiseSVN?
>
>  Specifically we wish to use TortoiseSVN client to access VisualSVN Server
> via Microsoft Azure Application Proxy.  This requires TSVN to be conversant
> in "OAuth 2.0 with OpenID Connect (OIDC)".  See
> https://auth0.com/docs/authenticate/protocols/openid-connect-protocol
>
> You can see the error we get by using TortoiseSVN to open this test
> repository https://visualsvn.parabilis-space.com/svn/test/
> Error: Repository moved temporarily to ...Oath2/authorize...
>
> Thank You,
>
> --Jon
>


-- 
With best regards,
Pavel Lyalyakin
VisualSVN Team



Re: Add modern authentication (OAuth 2.0 + OIDC) to TortoiseSVN

2024-03-29 Thread Daniel Sahlberg via TortoiseSVN-dev
Hi,

On Friday, 29 March 2024 at 10:02:33 UTC+1, Thomas Åkesson wrote:

> Hi Jon and Daniel,
>
> Sorry about the late response.
>
> We are running TSVN with OpenIDC authenticating with Entra ID (Azure AD),
> not through the Microsoft Azure Application Proxy though.
>
> Server-side, we have Apache httpd as usual but we add the open-source
> mod_openidc module (instead of basic auth). In addition, some rewrites and
> other config that allows us to tunnel the session token in basic auth
> (which TSVN supports).
>
> We currently have an installed application that performs the OpenIDC
> authentication and then inserts the session token in the svn auth cache as
> a basic authentication. In order to achieve a cleaner implementation that
> can also work with Microsoft Azure Application Proxy the session token must
> be sent as a cookie.
>
> We would be interested in contributing experience, specifications and
> server setups if we can get the following stars aligned:
>  - Financial / developer contributions
>  - Subversion core committer interest
>  - TSVN committer interest

Hi,

This sounds really interesting. I'm a committer in both Subversion and TSVN
(and in Serf, if that would be necessary) and as long as things are
discussed in the appropriate -dev lists, I can sponsor the commits.
Unfortunately I'm not in a position to contribute very much code, simply
because of a lack of time.

> We also need to reach consensus in primarily the Subversion project but
> there is a relatively limited amount of changes that must happen there.
>  - Sending cookie header with session token instead of basic auth.
>  - Capture set-cookie response headers related to refresh of the session
> cookie.
>  - "svn auth" support for storing session token, very similar to basic auth
> (cookie name and the token).

These things don't sound all that complicated, but should probably be
discussed on d...@subversion.apache.org. Would you like to bring this
discussion over there?

>  - maybe something related to handling redirect to ensure that TSVN can act
> on that

I presume we need to have a notification callback function in Subversion
that TSVN can catch to show the authentication webpage, much like any other
OAuth2 compatible application does, is this correct?

> When that is in place, I believe it would be possible to have a standalone
> helper application that performs the authentication and stores it using the
> "svn auth" subcommand (or equivalent). Alternatively add this support in
> TSVN which would be the ideal UX.
>
> Best regards,
> Thomas Å.
>
>
> On 20 Mar 2024, at 08:28, Daniel Sahlberg via TortoiseSVN-dev <
> tortois...@googlegroups.com> wrote:
>
> From what I understand, OAuth2 requires both server- and clientside
> support. So any solution would need to involve both TortoiseSVN and the
> Subversion project (or VisualSVN). I think it is a great idea but I think
> some additional development resources would be required to make this
> happen. Any chance that you (or your company) can get involved in making
> this happen?
>
> Kind regards,
> Daniel
>
> On Wednesday, 20 March 2024 at 08:11:28 UTC+1, j...@parabilis-space.com wrote:
>
> We have run into a problem trying to implement SVN on our secure cloud
> platform.  Is it possible to pay someone to add modern authentication to
> TortoiseSVN?
>
>  Specifically we wish to use TortoiseSVN client to access VisualSVN Server
> via Microsoft Azure Application Proxy.  This requires TSVN to be conversant
> in "OAuth 2.0 with OpenID Connect (OIDC)".  See
> https://auth0.com/docs/authenticate/protocols/openid-connect-protocol
>
> You can see the error we get by using TortoiseSVN to open this test
> repository https://visualsvn.parabilis-space.com/svn/test/
> Error: Repository moved temporarily to ...Oath2/authorize...
>
> Thank You,
>
> --Jon




Re: Add modern authentication (OAuth 2.0 + OIDC) to TortoiseSVN

2024-03-29 Thread TortoiseSVN-dev
Hi Jon and Daniel,

Sorry about the late response. 

We are running TSVN with OpenIDC authenticating with Entra ID (Azure AD), not 
through the Microsoft Azure Application Proxy though.

Server-side, we have Apache httpd as usual but we add the open-source 
mod_openidc module (instead of basic auth). In addition, some rewrites and 
other config that allows us to tunnel the session token in basic auth (which 
TSVN supports). 

We currently have an installed application that performs the OpenIDC 
authentication and then inserts the session token in the svn auth cache as a 
basic authentication. In order to achieve a cleaner implementation that can 
also work with Microsoft Azure Application Proxy the session token must be sent 
as a cookie.

We would be interested in contributing experience, specifications and server 
setups if we can get the following stars aligned:
 - Financial / developer contributions 
 - Subversion core committer interest 
 - TSVN committer interest
 
We also need to reach consensus in primarily the Subversion project but there
is a relatively limited amount of changes that must happen there.
 - Sending cookie header with session token instead of basic auth. 
 - Capture set-cookie response headers related to refresh of the session cookie.
 - "svn auth" support for storing session token, very similar to basic auth 
(cookie name and the token). 
 - maybe something related to handling redirect to ensure that TSVN can act on 
that

When that is in place, I believe it would be possible to have a standalone 
helper application that performs the authentication and stores it using the 
"svn auth" subcommand (or equivalent). Alternatively add this support in TSVN 
which would be the ideal UX.

Best regards,
Thomas Å.
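
The client-side changes listed in the message above (send the session token as a cookie, capture Set-Cookie refreshes, store cookie name and token, act on the login redirect), sketched as an added example; this is not code from Subversion, Serf, TSVN or any poster. `SessionCredential`, the function names, the cookie name and hosts used with it, and the same-origin and Secure-only policies are assumptions made for illustration.

```python
from dataclasses import dataclass
from http.cookies import CookieError, SimpleCookie
from urllib.parse import urljoin, urlsplit


@dataclass
class SessionCredential:
    """Hypothetical cache entry: like basic auth, but cookie name + token."""
    base_url: str      # repository root the token was issued for
    cookie_name: str
    token: str


def origin_of(url):
    """(scheme, host, port) triple used to decide where the token may go."""
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port or {"https": 443, "http": 80}.get(p.scheme))


def cookie_header_for(cred, url):
    """Cookie header value for a request, or None if the token must not be sent."""
    if urlsplit(url).scheme != "https" or origin_of(url) != origin_of(cred.base_url):
        return None
    return f"{cred.cookie_name}={cred.token}"


def apply_set_cookie(cred, set_cookie_values):
    """Store a refreshed session token; returns True if the token changed."""
    changed = False
    for raw in set_cookie_values:
        jar = SimpleCookie()
        try:
            jar.load(raw)
        except CookieError:
            continue                      # malformed header: ignore it
        morsel = jar.get(cred.cookie_name)
        # Assumed policy: only accept a non-empty token marked Secure.
        if morsel is None or not morsel.value or not morsel["secure"]:
            continue
        changed = changed or morsel.value != cred.token
        cred.token = morsel.value
    return changed


def classify_response(cred, request_url, status, headers):
    """headers is a list of (name, value) pairs from the server response."""
    location = next((v for k, v in headers if k.lower() == "location"), None)
    if status in (301, 302, 303, 307, 308) and location:
        target = urljoin(request_url, location)
        # A redirect off the repository origin is treated as the identity
        # provider's login page: stop and ask the user to sign in, and never
        # follow it with the session cookie attached.
        if origin_of(target) != origin_of(cred.base_url):
            return "login-required"
        return "redirect"
    cookies = [v for k, v in headers if k.lower() == "set-cookie"]
    return "refreshed" if apply_set_cookie(cred, cookies) else "ok"
```

The "login-required" result corresponds to the "Repository moved temporarily to ...Oath2/authorize..." error quoted in this thread: the point where a client or helper application would start the interactive sign-in instead of failing.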


> On 20 Mar 2024, at 08:28, Daniel Sahlberg via TortoiseSVN-dev wrote:
> 
> From what I understand, OAuth2 requires both server- and clientside support. 
> So any solution would need to involve both TortoiseSVN and the Subversion 
> project (or VisualSVN). I think it is a great idea but I think some 
> additional development resources would be required to make this happen. Any 
> chance that you (or your company) can get involved in making this happen?
> 
> Kind regards,
> Daniel
> 
> On Wednesday, 20 March 2024 at 08:11:28 UTC+1, j...@parabilis-space.com wrote:
> We have run into a problem trying to implement SVN on our secure cloud 
> platform.  Is it possible to pay someone to add modern authentication to 
> TortoiseSVN?
> 
>  Specifically we wish to use TortoiseSVN client to access VisualSVN Server 
> via Microsoft Azure Application Proxy.  This requires TSVN to be conversant 
> in "OAuth 2.0 with OpenID Connect (OIDC)".  See 
> https://auth0.com/docs/authenticate/protocols/openid-connect-protocol 
> 
> You can see the error we get by using TortoiseSVN to open this test 
> repository https://visualsvn.parabilis-space.com/svn/test/ 
>  
> Error: Repository moved temporarily to ...Oath2/authorize...
> 
> 
> Thank You,
> 
> --Jon
> 
> 


Re: Add modern authentication (OAuth 2.0 + OIDC) to TortoiseSVN

2024-03-20 Thread Daniel Sahlberg via TortoiseSVN-dev
From what I understand, OAuth2 requires both server- and clientside
support. So any solution would need to involve both TortoiseSVN and the 
Subversion project (or VisualSVN). I think it is a great idea but I think 
some additional development resources would be required to make this 
happen. Any chance that you (or your company) can get involved in making 
this happen?

Kind regards,
Daniel

On Wednesday, 20 March 2024 at 08:11:28 UTC+1, j...@parabilis-space.com wrote:

We have run into a problem trying to implement SVN on our secure cloud 
platform.  Is it possible to pay someone to add modern authentication to 
TortoiseSVN?

 Specifically we wish to use TortoiseSVN client to access VisualSVN Server 
via Microsoft Azure Application Proxy.  This requires TSVN to be conversant 
in "OAuth 2.0 with OpenID Connect (OIDC)".  See 
https://auth0.com/docs/authenticate/protocols/openid-connect-protocol

You can see the error we get by using TortoiseSVN to open this test 
repository https://visualsvn.parabilis-space.com/svn/test/ 
Error: Repository moved temporarily to ...Oath2/authorize...

Thank You,

--Jon



Add modern authentication (OAuth 2.0 + OIDC) to TortoiseSVN

2024-03-20 Thread Jon Martin via TortoiseSVN-dev


We have run into a problem trying to implement SVN on our secure cloud 
platform.  Is it possible to pay someone to add modern authentication to 
TortoiseSVN?

 Specifically we wish to use TortoiseSVN client to access VisualSVN Server 
via Microsoft Azure Application Proxy.  This requires TSVN to be conversant 
in "OAuth 2.0 with OpenID Connect (OIDC)".  
See https://auth0.com/docs/authenticate/protocols/openid-connect-protocol

You can see the error we get by using TortoiseSVN to open this test 
repository https://visualsvn.parabilis-space.com/svn/test/ 
Error: Repository moved temporarily to ...Oath2/authorize...

Thank You,

--Jon
