Running redmine on Apache2 on Windows; using SSPI authentication; is it possible?

Added by Roger Lipscombe almost 10 years ago

I'm currently using Trac to manage a small number of projects. I've got Trac running under Apache, using mod_python, on Windows 2003. I'm using mod_sspi to manage transparent authentication.

I've got a couple of questions:

1. Can someone point me at some documentation for running Redmine under Apache, rather than under WEBrick? Can I use mod_ruby, or should I use FCGI instead? I found a page on the Rails Wiki (http://wiki.rubyonrails.org/rails/pages/mod_ruby), that suggests that mod_ruby is a bad idea.
2. Can I get Redmine to use Apache's authn information, meaning that I can continue to use SSPI?

I'll continue to poke around, but if anyone's already done this, I'd appreciate some pointers.

Thanks in advance,
Roger.

Replies (33)

RE: Running redmine on Apache2 on Windows; using SSPI authentication; is it possible? - Added by haroonie haroonie almost 7 years ago

haroonie haroonie wrote:

I followed Thomas's guide using mod_auth_sspi.so v1.0.3 and Adam's HTTP Authentication plugin v.0.3.0 and it worked for me. By using the plugin, I did not need to modify the application.rb and this worked on Redmine v.1.0.4.

this is using a Bitnami Redmine install on a windows xp machine. we really wanted transparent authentication and this 'fix' was exactly what we were looking for.

RE: RE: Running redmine on Apache2 on Windows; using SSPI authentication; is it possible? - Added by Serge ST over 6 years ago

Can someone send me the http.conf file?

y cant figure out how to configure it :(

RE: RE: Running redmine on Apache2 on Windows; using SSPI authentication; is it possible? - Added by Serge ST over 6 years ago

finally go it...

this is my apache config if someone has problems

<Directory "C:/redmine/public/">
Options FollowSymLinks
AllowOverride None
Order deny,allow
allow from all
</Directory>

DocumentRoot C:/redmine/public
ProxyPreserveHost On
<Location /redmine>
Options +FollowSymLinks +SymLinksIfOwnerMatch
Order allow,deny
Allow from all

ProxyPass         balancer://redmine_cluster
ProxyPassReverse balancer://redmine_cluster
RewriteEngine     On
RewriteCond %{IS_SUBREQ} ^false$
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . - [E=RU:%1]
RequestHeader add X_REMOTE_USER_666 %{RU}e
AuthName          "Redmine Authentication" 
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOmitDomain On
#SSPIUsernameCase lower
require valid-user
&lt;/Location&gt;

<Proxy balancer://redmine_cluster>
BalancerMember http://localhost:3000
BalancerMember http://localhost:3001
</Proxy>

RE: Running redmine on Apache2 on Windows; using SSPI authentication; is it possible? - Added by David Yoffe about 6 years ago

How to install and integrate redmine into cyn.in on Cyn.in - Community Edition v3.1.3 (on debian 5.0.4 i38) ?
for bug trackers, bug tracking, request tracking, etc..

RE: Running redmine on Apache2 on Windows; using SSPI authentication; is it possible? - Added by Al Us over 3 years ago

Please help, version 2.5.2 no file application.rb. In what file needs to be changed?

RE: Running redmine on Apache2 on Windows; using SSPI authentication; is it possible? - Added by Alexander Ryabinovskiy about 3 years ago

Redmine 2.5.2, I changed
Redmine\app\controllers\application_controller.rb

  # Returns the current user or nil if no user is logged in
  # and starts a session if needed
  def find_current_user
    user = nil
    unless api_request?
      if session[:user_id]
        # existing session
        user = (User.active.find(session[:user_id]) rescue nil)

      #Add this block for HTTP Auth:
      elsif (forwarded_user = request.env["HTTP_X_REMOTE_USER_6E3RZQKX"])
        # web server authentication
        user = (User.find_by_login(forwarded_user) rescue nil)

It works on Apache 2.4 + mod_authnz_sspi + Thin web-servers on Windows 2003 Server with this config:

    LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    LoadModule rewrite_module modules/mod_rewrite.so
    LoadModule headers_module modules/mod_headers.so
    LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so

    LoadModule authnz_sspi_module modules/mod_authnz_sspi.so
    ...
<Location />
    Options           +FollowSymLinks +SymLinksIfOwnerMatch
    Order             allow,deny
    Allow             from all

    ProxyPass balancer://redminecluster/
    ProxyPassReverse balancer://redminecluster/

    RewriteEngine     On
    RewriteCond       %{IS_SUBREQ} ^false$
    RewriteCond       %{LA-U:REMOTE_USER} (.+)
    RewriteRule       . - [E=RU:%1]
    RequestHeader     add X_REMOTE_USER_6E3RZQKX %{RU}e

    AuthName          "Redmine Authentication" 
    AuthType          SSPI
    SSPIAuth          On
    SSPIAuthoritative On
    SSPIOmitDomain    On
    SSPIUsernameCase  lower
    require           valid-user
</Location>

<Proxy balancer://redminecluster>
    BalancerMember http://localhost:3001
    BalancerMember http://localhost:3002
    ProxySet lbmethod=byrequests
</Proxy>

1 2 (26-33/33)