Hi Jon and Daniel, Sorry about the late response.
We are running TSVN with OpenIDC authenticating with Entra ID (Azure AD), not through the Microsoft Azure Application Proxy though. Server-side, we have Apache httpd as usual but we add the open-source mod_openidc module (instead of basic auth). In addition, some rewrites and other config that allows us to tunnel the session token in basic auth (which TSVN supports). We currently have an installed application that performs the OpenIDC authentication and then inserts the session token in the svn auth cache as a basic authentication. In order to achieve a cleaner implementation that can also work with Microsoft Azure Application Proxy the session token must be sent as a cookie. We would be interested in contributing experience, specifications and server setups if we can get the following stars aligned: - Financial / developer contributions - Subversion core committer interest - TSVN committer interest We also need to reach consensus in primarily the Subversion project but there is relatively limited amounts of changes that must happen there. - Sending cookie header with session token instead of basic auth. - Capture set-cookie response headers related to refresh of the session cookie. - "svn auth" support for storing session token, very similar to basic auth (cookie name and the token). - maybe something related to handling redirect to ensure that TSVN can act on that When that is in place, I believe it would be possible to have a standalone helper application that performs the authentication and stores it using the "svn auth" subcommand (or equivalent). Alternatively add this support in TSVN which would be the ideal UX. Best regards, Thomas Å. > On 20 Mar 2024, at 08:28, Daniel Sahlberg via TortoiseSVN-dev > <tortoisesvn-dev@googlegroups.com> wrote: > > From what I understand, OAuth2 requires both server- and clientside support. > So any solution would need to involve both TortoiseSVN and the Subversion > project (or VisualSVN). I think it is a great idea but I think some > additional development resources would be required to make this happen. Any > chance that you (or your company) can get involved in making this happen? > > Kind regards, > Daniel > > onsdag 20 mars 2024 kl. 08:11:28 UTC+1 skrev j...@parabilis-space.com > <http://parabilis-space.com/>: > We have run into a problem trying to implement SVN on our secure cloud > platform. Is it possible to pay someone to add modern authentication to > TortoiseSVN? > > Specifically we wish to use TortoiseSVN client to access VisualSVN Server > via Microsoft Azure Application Proxy. This requires TSVN to be conversant > in "OAuth 2.0 with OpenID Connect (OIDC)". See > https://auth0.com/docs/authenticate/protocols/openid-connect-protocol > <https://auth0.com/docs/authenticate/protocols/openid-connect-protocol> > You can see the error we get by using TortoiseSVN to open this test > repository https://visualsvn.parabilis-space.com/svn/test/ > <https://visualsvn.parabilis-space.com/svn/test/> > Error: Repository moved temporarily to ...Oath2/authorize... > > > Thank You, > > --Jon > > > -- > You received this message because you are subscribed to the Google Groups > "TortoiseSVN-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to tortoisesvn-dev+unsubscr...@googlegroups.com > <mailto:tortoisesvn-dev+unsubscr...@googlegroups.com>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/tortoisesvn-dev/4dc5d482-62d0-4c7d-b375-9e1b5e467baan%40googlegroups.com > > <https://groups.google.com/d/msgid/tortoisesvn-dev/4dc5d482-62d0-4c7d-b375-9e1b5e467baan%40googlegroups.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "TortoiseSVN-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to tortoisesvn-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/tortoisesvn-dev/382E9C80-79E8-4548-A667-D664D8EA95D9%40fastmail.se.
