HowTo configure a single sign-on into Redmine from an other App on the same server » History » Version 2

Patrick Ludikhuyze, 2012-12-26 21:29

h1. HowTo configure a single sign-on into Redmine from an other App on the same server

We had an App on our server and wanted to integrate Redmine into it.
We configured LDAP authentication, which made it possible for users to log in with the same username and password.
But I didn't much like them needing to log in again every time they needed to open the Redmine helpdesk/issue tracking part of our site.

Therefore I configured my App to create an autologin token for Redmine whenever they open the Redmine menu option.

h3. Basic Steps

* Create/update Redmine user reference (e.g. update user name, forename and e-mail address every time in case they changed)
  The same way LDAP authentication reads the info from my App's tables, I now create or update the user from my App into the Redmine user table.
  This also ensures that any modifications to user name and e-mail are properly synced to Redmine long after initial creation.

* Configure Redmine to allow Autologin (Settings - Authentication) for the minimum of 1 day
  We also chose to not use Self registration but that could be site specific.
  OpenID and Rest API authentication are not required for this to work; it depends on your use of Redmine.

* Configure the use of autologin cookie also in config/configuration.yml
  autologin_cookie_name: autologin
  autologin_cookie_path: /
  autologin_cookie_secure: false

  P.S. I tried renaming the cookie without immediate success but it wasn't too important for me to use an other cookie name so I didn't pursue it further.

* Delete existing autologin token from Redmine DB

  SQL> delete from redminedb.tokens where action = 'autologin' and user_id = ...;

* Create our new autologin token into Redmine DB
  Create an sha1 hash of some secret/personal variable for the user and write it into the tokens table (e.g. 4277e87755e03ca3ad3b343ede51971dec52852b)

  SQL> insert into redminedb.tokens (user_id, action, value, created_on) values (...,'autologin','4277e87755e03ca3ad3b343ede51971dec52852b',now());

* Create cookie with autologin token
  This will be specific to your App but here's the syntax for PHP using the above generated sha1 with a validity of 4 hours:

  setcookie('autologin', '4277e87755e03ca3ad3b343ede51971dec52852b', time()+60*60*4, '/', '.yourdomain.be');

  Be sure the cookie domain covers both your domain and your Redmine domain (e.g. when you install in a sub URI).

* Sanitise command line to forward URL arguments to Redmine
  I also configured Redmine Host name and path (Settings - General) to point at the Redmine menu option in my App.  So when Redmine sends e-mails, the click-through URLs go through my App, request the proper login and pass the rest of the URL to Redmine.
  That would be site specific but shouldn't be too hard.
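
The delete, insert and cookie steps above combined into one PHP function, as an added example that is not part of the original page. It swaps the sha1 of a user variable for a value from random_bytes() so the token cannot be derived from anything known about the user, and it assumes PHP 7.3 or later, a PDO connection in exception mode, HTTPS on both apps, and the hypothetical function name issueRedmineAutologin.

```php
<?php
declare(strict_types=1);

/**
 * Added example: replace a user's Redmine autologin token and set the cookie.
 * Assumptions: $pdo uses PDO::ERRMODE_EXCEPTION and can write to redminedb,
 * $redmineUserId is the id of the already synced Redmine user row.
 */
function issueRedmineAutologin(PDO $pdo, int $redmineUserId, string $cookieDomain): string
{
    // 20 random bytes -> 40 hex characters, the same length as the sha1 value
    // shown on the page, but unpredictable.
    $token = bin2hex(random_bytes(20));

    // Delete and insert in one transaction so a failure never leaves the user
    // with a stale token or with a cookie that has no matching row.
    $pdo->beginTransaction();
    try {
        $del = $pdo->prepare(
            "DELETE FROM redminedb.tokens WHERE action = 'autologin' AND user_id = :uid"
        );
        $del->execute([':uid' => $redmineUserId]);

        // Columns as listed on the page; bound parameters instead of string building.
        $ins = $pdo->prepare(
            "INSERT INTO redminedb.tokens (user_id, action, value, created_on)
             VALUES (:uid, 'autologin', :value, NOW())"
        );
        $ins->execute([':uid' => $redmineUserId, ':value' => $token]);
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }

    // Same 4 hour lifetime as the page's setcookie() call.
    setcookie('autologin', $token, [
        'expires'  => time() + 60 * 60 * 4,
        'path'     => '/',
        'domain'   => $cookieDomain, // e.g. '.yourdomain.be' as on the page
        'secure'   => true,          // browser sends it over HTTPS only
        'httponly' => true,          // not readable from page scripts
        'samesite' => 'Lax',         // still sent on e-mail click-throughs
    ]);

    return $token;
}
```

Call it before any output is sent, since setcookie() has to run before the response headers go out.
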

That should do the trick!

Happy Redmining ;-)