Redmine

Daniil Demekhin wrote:

Hello

I use Redmine 5.0.5.stable

I need to implement single sign-in authorization. LDAP authentication is already configured and working, but would like users to be able to avoid entering login and password. Redmine runs on apache24 (Ubuntu server)

To implement single sign-on for Redmine 5.0.5 with existing LDAP authentication on Apache 2.4, the most effective method is leveraging Apache's mod_auth_gssapi module for Kerberos/SPNEGO authentication. This allows users, especially those in a Windows domain, to automatically log into Redmine without re-entering credentials. You'll need to configure Kerberos on your Ubuntu server, create a service principal name (SPN) and keytab file on your KDC (e.g., Active Directory), and then set up mod_auth_gssapi in your Apache virtual host to extract the authenticated username. Finally, install a Redmine plugin like redmine_http_auth to read this username from an HTTP header (e.g., X-Remote-User) and integrate it with your existing Redmine LDAP authentication source, ensuring seamless user provisioning and access based on their LDAP details.