Subversion Client Authentication

Your CollabNet site requires two levels of authentication: first, your HTTP client (web-browser) client must provide an SSL client certificate to the server. After that, the HTTP client must supply a standard CollabNet username and password. Because the Subversion client is also an HTTP client, it must supply these same credentials.

Assuming you already have a valid client certificate installed in your web browser, you can tell your browser to "export" the certificate in PKCS#12 format. Save that file somewhere on disk (for example, /some/path/to/cert.p12), then present it to the Subversion client when it asks:

$ svn co https://project.domain/svn/project/trunk project

Authentication realm: https://project.domain:443
Client certificate filename: /some/path/to/cert.p12
Passphrase for '/some/path/to/cert.p12': XXXXXXX
Password for 'username': XXXXXX

A  project/
A  project/www
A  project/www/index.html
Checked out revision 1.

After the Subversion client has successfully authenticated, it will automatically attempt to cache the username/password credentials in the user's run-time config area. To prevent this on-disk caching (or to simply learn more about this feature), refer to "Client Credentials Caching" in chapter 6 of the Subversion book.

While the basic CollabNet username/password pair will be cached on disk, the client certificate location will not be. To avoid being prompted for the certificate location every time, users will need to modify their run-time servers file to point to the certificate. Review SSL Certificate Management in the Subversion book to learn about automating client certificates.

WARNING: consult your local security policies regarding stored passwords! While it may be fine to point your servers file to the certificate itself, you may not want to store the certificate's passphrase on disk.

Back to SVN/CollabNet Integration