Hi,
i am able to create a CI repository and login into the relating Git repo hosted on TFS. I do this by providing credentials for CI’s build project. However, i don’t want to use my personal credentials, as other developers shall be able to use this project also.
How can i configure access to a git repository without providing credentials in the build project. I am on Windows and we have a Active Directory set up. Does CI support Single Sign-On or some other mechanism to achieve this?
Thanks
Thomas
Hi Thomas,
To allow the Git command line to log in to any Git service using Windows credentials, you need to use a credentials manager.
First install the Git Credential Manager for Windows on your Continua CI server - note that this is included in the installer for the latest version of Git for Windows.
This allows the Git command line to use credentials stored securely in the Windows Credentials manager. See Use Git Credential Managers to Authenticate to VSTS for more information.
You then need to store your credentials. You can do this by logging into the server using the Continua CI Server service user account, opening a command prompt, running a Git command that requires credentials and entering your credentials into the dialog or prompts that appear. The credentials will be stored for subsequent calls to the command line.
Alternatively you can enter the credentials into the Windows Credential Manager manually: Open the Credentials Manager in the Control Panel, select Windows Credentials, add a generic credential with Internet or network address starting with git:, e.g. git:http://tfsserver, and your user name and password.
You can also do this on the command line by running cmdkey. e.g.
cmdkey /generic:git:http://tfsserver /user:domain\username /pass:password
This command can also be run when when logged in as another user
runas /user:serviceuser "cmdkey /generic:git:http://tfsserver /user:domain\username /pass:password"
Note that the Git Credentials Manager will open a dialog to request a username /password if this it is not available. As Continua CI is running as a service and cannot interact with the UI, this will cause Git commands to hang and wait for the process timeout. We recommend that you disable this dialog on the server by running the following Git command line:
git config credential.interactive never
Continua CI also supports accessing git servers via SSH. See Git over SSH for information on setting up your SSH keys. Once the SSH key is set up for the service user you can use the SSH URL to access your repository without supplying a username and password e.g. ssh://tfsserver/tfs/DefaultCollection/_git/GitRepo. See Use SSH key authentication in the TFS docs for details on SSH authentication for Git in TFS.
Hi Dave,
huge thanx. That did the job. Excellent support. 
Your answer is complete. Your response time great. Continua and Firebuilder as well are truly awesome software. As i did read quite some of the docs over the last weeks i can tell they’re good too. However, some of it is incomplete and some is out-dated. Well, there’s always room to improve.
As for your recommendation “git config credential.interactive never”. I did not use it. The disadvantage of doing so, is the system running into a timeout in case of an authentication failure. The advantage is, that users can setup their credentials easily, as the dialog will popup automatically.
Again, thanks a lot and have a nice weekend.
Thomas