HowTo configure a single sign-on into Redmine from the other App on the same server

We had an App on our server and wanted to integrate Redmine into it.
We configured a LDAP authentication which made it possible for users to log in with the same username and password.
But I didn't much like them needing to log in again every time they needed to open Redmine helpdesk/issue tracking part of our site.

Therefore I configured my App to create an autologin token for Redmine whenever they open the Redmine menu option.

Basic Steps

  • Create/update Redmine user reference (e.g. update user name, forename and e-mail address every time in case they changed)
    The same way LDAP authentication reads the info from my Apps tables, I now create or update the user from my App into Redmine user table.
    This also ensures that any modification to user name and email are properly synced to Redmine long after initial creation.
  • Configure Redmine to allow Autologin (Settings - Authentication) for the minimal 1 day
    We also chose to not use Self-registration but that could be site specific.
    OpenID and Rest API authentication is not required for this to work; it depends on your use of Redmine.
  • Configure the use of autologin cookie also in config/configuraion.yml
    autologin_cookie_name: autologin
    autologin_cookie_path: /
    autologin_cookie_secure: false
    

    P.S. I tried renaming the cookie without immediate success but it wasn't too important for me to use an other cookie name so I didn't pursue it further.

  • Delete existing autologin token from Redmine DB
    SQL> delete from redminedb.tokens where action = 'autologin' and user_id = ...;
    
  • Create our new autologin token into Redmine DB
    Create an sha1 hash of some secret/personal variable for the user and write it into the tokens table (e.g. 4277e87755e03ca3ad3b343ede51971dec52852b)
    SQL> insert into redminedb.tokens (user_id, action, value, created_on) values (...,'autologin','4277e87755e03ca3ad3b343ede51971dec52852b',now());
    
  • Create cookie with autologin token
    This will be specific to your App but here's the syntax for PHP using above generated sha1 with a validity of 4 hours:
    setcookie('autologin', '4277e87755e03ca3ad3b343ede51971dec52852b', time()+60*60*4, '/', '.yourdomain.be');
    

    Be sure the cookie domain covers both your domain and your Redmine domain (e.g. when you install in a sub-URI).

  • Sanitise command line to forward URL arguments to Redmine
    I also configured Redmine Host name and path (Settings - General) to point at the Redmine menu option in my App. So when Redmine sends emails, the click through URLs go through my App, request the proper login and pass the rest of the URL to Redmine.
    That would be site specific but shouldn't be too hard.

That should do the trick!

Happy Redmining ;-)