HowTo configure a single sign-on into Redmine from an other App on the same server¶

We had an App on our server and wanted to integrate Redmine into it.
We configured an LDAP authentication which made it possible for users to login with the same username and password.
But I didn't much like them needing to login again every time they needed to open Redmine helpdesk/issue tracking part of our site.

Therefore I configured my App to create an autologin token for Redmine whenever they open the Redmine menu option.

Basic Steps¶

• Create/update Redmine user reference (e.g. update user name, forename and e-mail address every time in case they changed)
  The same way LDAP authentication reads the info from my Apps tables, I now create or update the user from my App into Redmine user table.
  This also ensures that any modification to user name and e-mail are properly synced to Redmine long after initial creation.

• Configure Redmine to allow Autologin (Settings - Authentication) for the minimal 1 day
  We also chose to not use Self registration but that could be site specific.
  OpenID and Rest API authentication are not required for this to work; it depends on your use of Redmine.

• Configure the use of autologin cookie also in config/configuraion.yml
  autologin_cookie_name: autologin
  autologin_cookie_path: /
  autologin_cookie_secure: false

  P.S. I tried renaming the cookie without immediate success but it wasn't too important for me to use an other cookie name so I didn't pursue it further.

• Delete existing autologin token from Redmine DB

  SQL> delete from redminedb.tokens where action = 'autologin' and user_id = ...;

• Create our new autologin token into Redmine DB
  Create an sha1 hash of some secret/personal variable for the user and write it into the tokens table (e.g. 4277e87755e03ca3ad3b343ede51971dec52852b)

  SQL> insert into redminedb.tokens (user_id, action, value, created_on) values (...,'autologin','4277e87755e03ca3ad3b343ede51971dec52852b',now());

• Create cookie with autologin token
  This will be specific to your App but here's the syntax for PHP using above generated sha1 with a validity of 4 hours:

  setcookie('autologin', '4277e87755e03ca3ad3b343ede51971dec52852b', time()+60*60*4, '/', '.yourdomain.be');

  Be sure the cookie domain covers both your domain and your Redmine domain (e.g. when you install in a sub URI).

• Sanitise command line to forward URL arguments to Redmine
  I also configured Redmine Host name and path (Settings - General) to point at the Redmine menu option in my App. So when Redmine sends e-mails, the click through URLs go trough my App, request the proper login and pass the rest of the URL to Redmine.
  That would be site specific but should be too hard.

That should do the trick!

Happy Redmining ;-)