archi-modelrepository-plugin
archi-modelrepository-plugin copied to clipboard
archimatetool
Multi-factor authentication and importing models
I have multi-factor authentication enabled for GitHub, which might cause problems for Archi's beta Collaboration plug-in...
But, I tried:
- Importing with username/password: it began cloning and then silently stopped (failed)
- Importing with username/developer personal token: it began cloning and then silently stopped (failed)
- Cloning with
git, but no.archimatefile is provided
*Using Archi v4.2.0
Originally posted in: alberttwong/archi_cloudnative#7
Thanks for reporting. Authentication is something we want to take a look at. For now it's only working with username and password.
Hi,
FWIW, I have a colleague that uses GitHub Enterprise. In this case he uses its username and a personal token without any issue.
It seems that in your case authentication is not the issue as the clone starts but fails.
Could you retry and then share your error log ( Help Menu > About Archi > Installation Details > Configuration > View Error Log) ?
Have you been able to try with a personal token (this is how several people I know are using collaboration with GitHub Enterprise) ?
I just tried it, on Github cloud with 2FA enabled. And it works with personal access token, but only on https clone URL.
Sorry to bring up an old thread. I am getting a "not authorised" error connecting to an on-premise Azure DevOps GIT instance.
I am evaluating Archi (version 4.8.1) with Archi Collaboration (coArchi) version 0.7.202102021056. I also have GIT for windows version 2.23.1.windows.2 installed.
The Git repository is currently empty and I'm using Archi's collaboration "import remote model to workspace" menu item to try and test Archi's connection to my ADO Git.
Option 1 - using HTTPS with username and password.
I was getting an SSL error, but have resolved that by editing C;\Users,username>.gitconfig to include [http] sslVerify=False [https] sslVerify=False
The connection seems to half work as Archi briefly connects to my repository and shows the repository name but quickly fails with "not authorised". I have verified the username and password is correct by accessing my ADO URL through a Chrome incognito browser session, entering username and password, and getting in. I'm stuck on this one, so moved to other methods:
Option 2 - SSH authentication
This didn't work - using PowerShell's test-netconnection I found port 22 is blocked on our ADO server, and unblocking is a world of pain I'd rather avoid!
test-netconnection (server name) -informationlevel detailed -port 22
Option 3 - use HTTPS with a GIT generated Personal Access Token.
I have created a personal access token in ADO git, but cannot see where to use it or configure it in Archi. In @jbsarrodie post above, he says "I have a colleague that uses GitHub Enterprise. In this case he uses its username and a personal token without any issue."
In desperation have tried entering in the "Add Remote Model" dialog my username and personal access token (in the password field) with same "not authorised" result.
How do you use a GIT personal access token with the Archi collaboration plug in please?
Any comment / help much appreciated.
Thanks and Best Regards, David.
Hi, when using oauth, you have to use oauth2 has username and the token as password (should work on main git services)
Does this mean the plugin already is prepared for the Github change to OAuth access only?
Got an email from Github yesterday about deprecation of username/password access.
Hi, when using oauth, you have to use
oauth2has username and the token as password (should work on main git services)
Thanks for the replies @jbsarrodie & @joeldebruijn.
I've done a bit or reading around oauth2, from that I'm thinking:
- you need a oauth2 autentication provider, such as google, facebook, or microsoft.
- your app needs to be coded to use oauth2 - is the Archi collaboration plugin oauth2 enabled? i cant see anywhere to choose it as an option, or to choose an oauth2 provider - i.e. a sign in with google option. I'm thinking its username and password, or SSH, and currently no personal access token support.
coArchi plugin is agnostic of the git server and work only with ssh key or user/password. It's up to the server to use some tricks to cope with that (that's what gitlab and github do with the 'oauth2' pseudo username and PAT as password).
I've done a bit more experimenting with the Archi Collaboration plug in and Azure DevOps.
I spent a few minutes on my personal machine (outside the complications of other networks) reproducing the same “not authorised” error when connecting Archi's Collaboration plugin to an Azure DevOps Git repo:
- I signed up for an Azure DevOps free "basic plan" here
- on the ADO webpage I initialised the repository, ready for use
- Followed the Archi Collaboration set up instructions here
- Using Archi's Collaboration -> import remote model to workspace menu option, used the clone HTTPS address, and ADO username & password and got the same "not authorised" error.
- I double checked my username & password by logging onto ADO with a Chrome incognito window.
- I looked at my Microsoft account activity, and it didn’t show any failed authorisation attempts, but did show my double check attempt.
I then tried SSH authentication following the instructions here . It authenticated and interacted perfectly :-)
I think Archi uses jGit?
After a bit more Googling , I'm wondering if it's something to do with "TFS [ADO] out of the box is configured only for NTLM authentication over HTTP", and "JGit does not do NTLM".
Any thoughts much appreciated.
David.
coArchi plugin is agnostic of the git server and work only with ssh key or user/password. It's up to the server to use some tricks to cope with that (that's what gitlab and github do with the 'oauth2' pseudo username and PAT as password).
Thanks for the reply, ah right, so my username, and a personal access token copied from ADO / Github and pasted into Archi's password field should authenticate with ADO / Github ?
I'll try that with GitHub and with ADO in a while.
David.