Feature #1131

Add support for alternate (non-LDAP) authentication

Added by Mark Thomas over 9 years ago. Updated over 7 years ago.

Status:ClosedStart date:2008-04-28
Priority:NormalDue date:
Assignee:Eric Davis% Done:

100%

Category:Accounts / authentication
Target version:1.0.0 (RC)
Resolution:Fixed

Description

I would like to see a way to add a custom external authenticator. Currently, the "New Authentication Modes" link assumes an LDAP source. Some more information about what I'm trying to do is here: http://www.redmine.org/boards/1/topics/show/495

Once you subclass AuthSource, there should be a way to make it visible to React so that it can be selected in the Authentication administration page.


Related issues

Related to Redmine - Feature #2356: SSO Authentication (CAS Jasig) New 2008-12-18

Associated revisions

Revision 3744
Added by Eric Davis over 7 years ago

Refactor AuthSourcesController to support non-LDAP sources. #1131

History

#1 Updated by Alon Bar-Lev over 9 years ago

This is also required for kerberos authentication.

If the application run under apache, it should be able to receive the user from environment.

#2 Updated by Jean-Philippe Lang about 9 years ago

  • Target version deleted (0.8)

#3 Updated by Alon Bar-Lev almost 9 years ago

This is simple, as I don't know ruby I cannot promis it is the best solution.
But you can have configuration option for a request variable to take the user from.
In order to support basic authentication (kerberos or SSL) under apache with mod_rails, I only had to do the following:

   # Returns the current user or nil if no user is logged in
   def find_current_user
+    if request.env["REMOTE_USER"]
+      ( User.find_by_login(request.env["REMOTE_USER"]) rescue nil)
-    if session[:user_id]
+    elsif session[:user_id]
       # existing session
       (User.active.find(session[:user_id]) rescue nil)

As [1] wanted to have a different variable... So I guess the actual string may be configurable.

This is very important for enterprise deployment, please set milestone.

Thanks!

#4 Updated by Jan Ivar Beddari over 8 years ago

Very much agree.

We use this together with mod_auth_kerb

#5 Updated by Renno Reinurm over 8 years ago

I'm also interested to have external authentication support using Kerberos.

#6 Updated by Anthony Topper almost 8 years ago

I'd like to see Kerberos support added as well.

#7 Updated by Stanislav German-Evtushenko over 7 years ago

I'm agree. It would be nice to be able to use Kerberos authentication.

#8 Updated by Brian Wells over 7 years ago

I've added a custom external authenticator to Redmine by means of a plugin that modifies the Authentication Sources view to include something other than LDAP.

http://www.redmine.org/projects/redmine/wiki/Plugin_List/#Mac-OS-X-Identity-Services-plugin

It would be helpful if there was a more standard way to add a subclass of AuthSource and a custom form for it, but what I've done so far works fine.

-- Brian Wells

#9 Updated by Eric Davis over 7 years ago

  • Category set to Accounts / authentication
  • Status changed from New to Closed
  • Assignee set to Eric Davis
  • Target version set to 1.0.0 (RC)
  • % Done changed from 0 to 100
  • Resolution set to Fixed

I've change AuthSource so it can now be extended to support other external auth sources (i.e. removed the LDAP assumption). An example of how to add a new AuthSource can be seen in my redmine_sso_client plugin. It adds a new AuthSource model, controller, form, and a menu item.

r3743, r3744, r3745

Also available in: Atom PDF