Hi, fredag 29 mars 2024 kl. 10:02:33 UTC+1 skrev Thomas Åkesson:
Hi Jon and Daniel, Sorry about the late response. We are running TSVN with OpenIDC authenticating with Entra ID (Azure AD), not through the Microsoft Azure Application Proxy though. Server-side, we have Apache httpd as usual but we add the open-source mod_openidc module (instead of basic auth). In addition, some rewrites and other config that allows us to tunnel the session token in basic auth (which TSVN supports). We currently have an installed application that performs the OpenIDC authentication and then inserts the session token in the svn auth cache as a basic authentication. In order to achieve a cleaner implementation that can also work with Microsoft Azure Application Proxy the session token must be sent as a cookie. We would be interested in contributing experience, specifications and server setups if we can get the following stars aligned: - Financial / developer contributions - Subversion core committer interest - TSVN committer interest Hi, This sounds really interesting. I'm committer in both Subversion and TSVN (and in Serf, if that would be necessary) and as long as things are discussed in the appropriate -dev lists, I can sponsor the commits. Unfortunately I'm not in a position to contribute very much code, simply because of a lack of time. We also need to reach consensus in primarily the Subversion project but there is relatively limited amounts of changes that must happen there. - Sending cookie header with session token instead of basic auth. - Capture set-cookie response headers related to refresh of the session cookie. - "svn auth" support for storing session token, very similar to basic auth (cookie name and the token). These things doesn't sound all that complicated, but should probably be discussed on [email protected]. Would you like to bring this discussion over there? - maybe something related to handling redirect to ensure that TSVN can act on that I presume we need to have a notification callback function in Subversion that TSVN can catch to show the authentication webpage, much like any other OAuth2 compatible application does, is this correct? When that is in place, I believe it would be possible to have a standalone helper application that performs the authentication and stores it using the "svn auth" subcommand (or equivalent). Alternatively add this support in TSVN which would be the ideal UX. Best regards, Thomas Å. On 20 Mar 2024, at 08:28, Daniel Sahlberg via TortoiseSVN-dev < [email protected]> wrote: >From what I understand, OAuth2 requires both server- and clientside support. So any solution would need to involve both TortoiseSVN and the Subversion project (or VisualSVN). I think it is a great idea but I think some additional development resources would be required to make this happen. Any chance that you (or your company) can get involved in making this happen? Kind regards, Daniel onsdag 20 mars 2024 kl. 08:11:28 UTC+1 skrev [email protected]: We have run into a problem trying to implement SVN on our secure cloud platform. Is it possible to pay someone to add modern authentication to TortoiseSVN? Specifically we wish to use TortoiseSVN client to access VisualSVN Server via Microsoft Azure Application Proxy. This requires TSVN to be conversant in "OAuth 2.0 with OpenID Connect (OIDC)". See https://auth0.com/docs/authenticate/protocols/openid-connect-protocol You can see the error we get by using TortoiseSVN to open this test repository https://visualsvn.parabilis-space.com/svn/test/ Error: Repository moved temporarily to ...Oath2/authorize... Thank You, --Jon -- You received this message because you are subscribed to the Google Groups "TortoiseSVN-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/tortoisesvn-dev/4dc5d482-62d0-4c7d-b375-9e1b5e467baan%40googlegroups.com <https://groups.google.com/d/msgid/tortoisesvn-dev/4dc5d482-62d0-4c7d-b375-9e1b5e467baan%40googlegroups.com?utm_medium=email&utm_source=footer> . -- You received this message because you are subscribed to the Google Groups "TortoiseSVN-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/tortoisesvn-dev/00eb0964-485a-4c49-a73d-522745766195n%40googlegroups.com.
