https://www.redmine.org/https://www.redmine.org/favicon.ico?16793021292021-08-13T15:05:05ZRedmineRedmine - Feature #35755: Drop OpenID supporthttps://www.redmine.org/issues/35755?journal_id=1037132021-08-13T15:05:05ZMischa The Evil
<ul></ul><p>Go MAEDA wrote:</p>
<blockquote>
<p>However, OpenId was obsoleted by OpenID Connect some years ago [...]</p>
</blockquote>
<p>I hadn't noticed that change.</p>
<p>Go MAEDA wrote:</p>
<blockquote>
<p>[...] And it is not easy for us to test if Redmine's OpenID support is working properly.</p>
</blockquote>
<p>Well, AFAIK it isn't working OOTB properly at least. And that already for 10(+) years. See <a class="issue tracker-1 status-5 priority-4 priority-default closed" title="Defect: Attribute exchange with OpenID providers (Closed)" href="https://www.redmine.org/issues/3780">#3780</a>, <a class="issue tracker-3 status-5 priority-4 priority-default closed" title="Patch: change to allow openID to use Google Apps (Closed)" href="https://www.redmine.org/issues/5966">#5966</a>, <a class="issue tracker-1 status-5 priority-5 priority-high2 closed" title="Defect: openid : Fields not taken when logged in using Google account. Redmine 2.0.3 (Closed)" href="https://www.redmine.org/issues/11778">#11778</a> and the '<a href="http://projects.andriylesyuk.com/project/redmine/openid-fix" class="external">OpenID Fix</a>' plugin by Andriy Lesyuk.</p>
<p>Go MAEDA wrote:</p>
<blockquote>
<p>[...] I think it is time to remove OpenID support from Redmine.</p>
</blockquote>
<p>I agree. +1. And I think that JPL would wholeheartedly agree too (given the thoughts he expressed at the time in <a class="issue tracker-2 status-5 priority-4 priority-default closed" title="Feature: OpenID login (Closed)" href="https://www.redmine.org/issues/699#note-14">#699#note-14</a>)...</p> Redmine - Feature #35755: Drop OpenID supporthttps://www.redmine.org/issues/35755?journal_id=1037822021-08-16T17:37:42ZHolger Just
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/35688">Defect #35688</a>: OpenIdAuthentication alias_method_chain</i> added</li></ul> Redmine - Feature #35755: Drop OpenID supporthttps://www.redmine.org/issues/35755?journal_id=1040302021-09-05T07:29:02ZGo MAEDA
<ul><li><strong>File</strong> <a href="/attachments/28017">0001-Drop-OpenID-authentication-support.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/28017/0001-Drop-OpenID-authentication-support.patch">0001-Drop-OpenID-authentication-support.patch</a> added</li></ul><p>Here is a patch to drop OpenID.</p> Redmine - Feature #35755: Drop OpenID supporthttps://www.redmine.org/issues/35755?journal_id=1040312021-09-05T07:32:05ZGo MAEDA
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/32293">Defect #32293</a>: Redmine does not start if optional openid gems are not installed</i> added</li></ul> Redmine - Feature #35755: Drop OpenID supporthttps://www.redmine.org/issues/35755?journal_id=1046612021-11-18T06:08:10ZMarius BĂLTEANU
<ul><li><strong>Target version</strong> set to <i>5.0.0</i></li></ul><p>Let's drop this.</p> Redmine - Feature #35755: Drop OpenID supporthttps://www.redmine.org/issues/35755?journal_id=1048402021-12-14T00:10:04ZGo MAEDA
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li><li><strong>Assignee</strong> set to <i>Go MAEDA</i></li><li><strong>Resolution</strong> set to <i>Fixed</i></li></ul><p>Committed the changes. Redmine no longer supports OpenID.</p> Redmine - Feature #35755: Drop OpenID supporthttps://www.redmine.org/issues/35755?journal_id=1048672021-12-15T01:25:05ZGo MAEDA
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-5 priority-4 priority-default closed" href="/issues/699">Feature #699</a>: OpenID login</i> added</li></ul> Redmine - Feature #35755: Drop OpenID supporthttps://www.redmine.org/issues/35755?journal_id=1048842021-12-16T04:23:01ZGo MAEDA
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-5 priority-4 priority-default closed" href="/issues/36326">Defect #36326</a>: Missing div tag in views page</i> added</li></ul> Redmine - Feature #35755: Drop OpenID supporthttps://www.redmine.org/issues/35755?journal_id=1065442022-04-27T22:11:51ZFelix Singer
<ul></ul><blockquote>
<p>Given this situation, probably very few users are using OpenID login in Redmine. I think it is time to remove OpenID support from Redmine.</p>
</blockquote>
<p>If you don't know, then maybe you should ask your users before you do such a change. We just set up a Keycloak for our services and so we wanted to use this. Are you planning to replace it with an alternative? OAuth2?</p>
<blockquote>
<p>OpenId was obsoleted by OpenID Connect some years ago and most OpenID providers discontinued their services.</p>
</blockquote>
<p>How can a native function get obselete if the alternative is a 3rd party plugin? Should that be a feature or an improvement? That's a huge step backwards.</p>
<p>Also, looking at the pages for issues and pull requests from that OpenID Connect plugin, it looks pretty much unmaintained. So again, how can this be a proper alternative?</p>
<p><a class="external" href="https://github.com/devopskube/redmine_openid_connect">https://github.com/devopskube/redmine_openid_connect</a></p>
<blockquote>
<p>Now it is very difficult to find a web service with an OpenID provider service. This means that it is difficult for Redmine users to start using OpenID login.</p>
</blockquote>
<p>What? First, there are not only hosted solutions out there. You can set up your own service, see Keycloak or SimpleID. So I don't see how this could be an argument why it should be difficult to start using it. It depends on who you ask. It's very common for companies or organizations to use some sort of SSO or OpenID login, as you maybe know.</p>
<blockquote>
<p>And it is not easy for us to test if Redmine's OpenID support is working properly.</p>
</blockquote>
<p>As I just mentioned, you can set up your own service. So I don't get why it's not "easy" for you to test if it's working properly. There are definitely possibilities.</p>
<p>Please consider reverting this change or providing an alternative, e.g. login with OAuth2.</p> Redmine - Feature #35755: Drop OpenID supporthttps://www.redmine.org/issues/35755?journal_id=1065912022-05-04T04:09:44Zbom brad
<ul></ul><p>Your decision to drop support for OpenID is unbelievable!<br />I agree with Felix Singer.</p> Redmine - Feature #35755: Drop OpenID supporthttps://www.redmine.org/issues/35755?journal_id=1066592022-05-11T15:48:00Zmarkus schulte
<ul></ul><p>hey guys,<br />you can easily configure keycloak to be an oidc server.<br />and then use redmine_oidc or relevants. works like a charm!<br />except you dared using rm5.0. but that's a different story i guess.<br />cheers,<br />/markus</p> Redmine - Feature #35755: Drop OpenID supporthttps://www.redmine.org/issues/35755?journal_id=1068522022-06-01T13:34:07ZHeiko Böhme
<ul></ul><p>really ... not funny ... I actually wanted to implement OIDC / OAUTH2</p>
<p>is there a special plugin?</p>
<p>best heiko</p> Redmine - Feature #35755: Drop OpenID supporthttps://www.redmine.org/issues/35755?journal_id=1069332022-06-14T09:54:20ZChristoffer Rumohr
<ul></ul><p>Go MAEDA wrote:</p>
<blockquote>
<p>Given this situation, probably very few users are using OpenID login in Redmine. I think it is time to remove OpenID support from Redmine.</p>
</blockquote>
<p>While I completely agree with this move (OpenID != OpenID Connect) I think that proper support for OpenID Connect should be provided out of the box and not via a 3rd party plugin.</p>
<p>When we take a look at the <a href="https://github.com/devopskube/redmine_openid_connect/network" class="external">network graph</a> of the "most popular" OpenID Connect plugin on GitHub - it's a total mess. Forked several times and no maintainer took over eventually. I'm trying to integrate our Redmine installation with Keycloak right now and are completely unsure, which fork to pick.</p>
<p>Especially since OpenID Connect is becoming more and more popular and this functionality affects the security of a Redmine installation, the current situation is very bleak.</p> Redmine - Feature #35755: Drop OpenID supporthttps://www.redmine.org/issues/35755?journal_id=1077292022-08-28T23:30:35ZGo MAEDA
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-5 priority-3 priority-lowest closed" href="/issues/37609">Defect #37609</a>: Remove obsolete remnant public/images/openid-bg.gif</i> added</li></ul> Redmine - Feature #35755: Drop OpenID supporthttps://www.redmine.org/issues/35755?journal_id=1115822023-11-21T16:58:50ZPavel Goran
<ul></ul><p>It's a pity that OpenID support was removed. I was using it in the in-house Redmine installation for many years. Now that installation was upgraded to version 5, and I'm locked out of my account. :)</p>
<p>Sure, I'll find my way back in, but I don't appreciate having to create yet another password.</p>
<p>Overall, it's sad that a good technology will no longer work with Redmine, especially given that there is no decent replacement (judging from the comments in this issue).</p> Redmine - Feature #35755: Drop OpenID supporthttps://www.redmine.org/issues/35755?journal_id=1131212024-03-06T12:56:09ZMarco Descher
<ul></ul><p>Christoffer Rumohr wrote in <a href="#note-13">#note-13</a>:</p>
<blockquote>
<p>Go MAEDA wrote:</p>
<blockquote>
<p>Given this situation, probably very few users are using OpenID login in Redmine. I think it is time to remove OpenID support from Redmine.</p>
</blockquote>
<p>While I completely agree with this move (OpenID != OpenID Connect) I think that proper support for OpenID Connect should be provided out of the box and not via a 3rd party plugin.</p>
<p>When we take a look at the <a href="https://github.com/devopskube/redmine_openid_connect/network" class="external">network graph</a> of the "most popular" OpenID Connect plugin on GitHub - it's a total mess. Forked several times and no maintainer took over eventually. I'm trying to integrate our Redmine installation with Keycloak right now and are completely unsure, which fork to pick.</p>
<p>Especially since OpenID Connect is becoming more and more popular and this functionality affects the security of a Redmine installation, the current situation is very bleak.</p>
</blockquote>
<p>I second this - exactly the same situation. I want to authenticate to redmine via a keycloak SSO - but I don't know which of the third-party plugins to trust here. Especially,<br />as there are more and more Supply Chain Attacks. A plugin doing authentication is predestined to be a target (for such an attack) - so the only way to have a proper trust here, is for this SSO login mechanism to be an integrated part of the core system.</p>