locked
Java TFS SDK can't authenticate user when code is deployed to server RRS feed

  • Question

  • I'm using the Java TFS SDK to connect to on-premise TFS 2012 server.  I'm updating it to use a new account to connect to TFS. When I run the code on my local machine it connects without issue. I can use both my personal account and a new service account.

    When I deploy the code to my tomcat server and run it through a web service call, it fails to authenticate using the new service account. It works when I use my personal account, but I need it to work for this service account.

    com.microsoft.tfs.core.exceptions.TFSUnauthorizedException: Access denied connecting to TFS server http://tfsserver:8080/ (authenticating as MYDOMAIN\new_account)

    Here's how I connecting

                    TFSTeamProjectCollection tpc;
    		String tfsURL = "http://tfsserver:8080/tfs/My%20Software%20Development/";
    
    		try {
    			Credentials credentials = new UsernamePasswordCredentials("MYDOMAIN\\" + TFS_USER, TFS_PASSWD);
    			URI tfsURI = new URI(tfsURL);
    			tpc = new TFSTeamProjectCollection(tfsURI, credentials);
    			tpc.ensureAuthenticated();
    		} catch (Exception ex) {
    			logger.error("Unable to connect to TFS at " + tfsURL + "; Exception: " + ex.getMessage());
    			throw ex;
    		}
    Why does only one account work when deployed to server but both accounts work when testing on my local machine?




    Thursday, July 9, 2020 8:24 PM

All replies

  • Hi Brandon Hoppe,

    Please confirm if your tomcat server can access the new domain. Or please try to access tfs with new domain account directly in your tomcat server.

    BTW, maybe you can refer this document to configure tomcat server for your domain.

    Best Regards,

    Dylan


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com

    Friday, July 10, 2020 8:54 AM
  • Dylan,

    Let me correct some confusion. The domain is the same, it hasn't changed. Its just a new account. So MYDOMAIN\old_account works from tomcat but MYDOMAIN\new_account doesn't work from tomcat. Both work testing from my desktop in my IDE (visual code).

    Brandon

    Tuesday, July 14, 2020 8:36 PM
  • Hi Brandon Hoppe,

    It seems that there are limitation about the new account in tomcat server. Please check the related requirements for different service account: https://docs.microsoft.com/en-us/azure/devops/server/account-requirements?view=azure-devops 

    And please try to re-create a new account which is like your old account, then check if it could access in tomcat server.

    Best Regards,

    Dylan


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com

    Wednesday, July 15, 2020 9:14 AM
  • This isn't an issue with the tomcat server. Its an issue with TFS and how it authenticates.

    I can connect to TFS with this new account from Visual Code IDE on my desktop.

    I can connect to TFS with this new account from tomcat server running on my desktop

    I can connect to TFS with the OLD account from tomcat server running on remote server.

    I can NOT connect to TFS with this new account from tomcat server running on remote server.

    So why would TFS deny authentication for this new account ONLY from the remote server?

    Friday, July 17, 2020 6:13 AM
  • Hi Brandon Hoppe,

    Sorry for delay in reply.

    About the authentication of TFS account, we suggest you could redirect to stackoverflow with tfs tag, and then you could get dedicated support about it.

    Best Regards,

    Dylan


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com

    Monday, July 20, 2020 9:23 AM