HowTo configure a single sign-on into Redmine from another App on the same server » History » Version 3

Denis Savitskiy, 2014-11-27 14:21
preformatted code

h1. HowTo configure a single sign-on into Redmine from another App on the same server

We had an App on our server and wanted to integrate Redmine into it.
We configured LDAP authentication, which made it possible for users to log in with the same username and password.
But I didn't much like them needing to log in again every time they needed to open the Redmine helpdesk/issue tracking part of our site.

Therefore I configured my App to create an autologin token for Redmine whenever they open the Redmine menu option.

h3. Basic Steps

* Create/update Redmine user reference (e.g. update user name, forename and e-mail address every time in case they changed)
  The same way LDAP authentication reads the info from my App's tables, I now create or update the user from my App into the Redmine user table.
  This also ensures that any modifications to user name and e-mail are properly synced to Redmine long after initial creation.

* Configure Redmine to allow Autologin (Settings - Authentication) for the minimum of 1 day
  We also chose not to use Self registration, but that could be site specific.
  OpenID and REST API authentication are not required for this to work; it depends on your use of Redmine.

* Configure the use of the autologin cookie also in config/configuration.yml
<pre>
autologin_cookie_name: autologin
autologin_cookie_path: /
autologin_cookie_secure: false
</pre>

  P.S. I tried renaming the cookie without immediate success but it wasn't too important for me to use another cookie name so I didn't pursue it further.

* Delete the existing autologin token from the Redmine DB
<pre>
SQL> delete from redminedb.tokens where action = 'autologin' and user_id = ...;
</pre>

* Create our new autologin token in the Redmine DB
  Create a SHA-1 hash of some secret/personal variable for the user and write it into the tokens table (e.g. 4277e87755e03ca3ad3b343ede51971dec52852b)
<pre>
SQL> insert into redminedb.tokens (user_id, action, value, created_on) values (...,'autologin','4277e87755e03ca3ad3b343ede51971dec52852b',now());
</pre>

* Create the cookie with the autologin token
  This will be specific to your App, but here's the syntax for PHP using the SHA-1 generated above with a validity of 4 hours:
<pre>
setcookie('autologin', '4277e87755e03ca3ad3b343ede51971dec52852b', time()+60*60*4, '/', '.yourdomain.be');
</pre>

  Be sure the cookie domain covers both your domain and your Redmine domain (e.g. when you install in a sub URI).

* Sanitise command line to forward URL arguments to Redmine
  I also configured the Redmine Host name and path (Settings - General) to point at the Redmine menu option in my App. So when Redmine sends e-mails, the click-through URLs go through my App, request the proper login and pass the rest of the URL to Redmine.
  That would be site specific but shouldn't be too hard.
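The delete, insert and cookie steps above combined into one PHP function, as an added example that is not the author's code. It swaps the SHA-1 of a per-user secret for a random 40-character hex token, uses prepared statements, and sets the Secure, HttpOnly and SameSite cookie attributes. The function name, the PDO connection, PHP 7.3+ and HTTPS on both the App and Redmine are assumptions.

```php
<?php
// Added example, not code from the original page. Assumptions: $db is a PDO
// connection (exception error mode) to the MySQL server holding redminedb,
// PHP 7.3+, and the caller has already resolved the Redmine user id.
function issueRedmineAutologin(PDO $db, int $userId, string $cookieDomain, int $ttl = 14400): string
{
    // 20 random bytes -> 40 hex characters: same shape as the SHA-1 value in
    // the steps above, but not derivable from anything known about the user.
    $token = bin2hex(random_bytes(20));

    // Replace the old token and store the new one in a single transaction.
    $db->beginTransaction();
    try {
        $del = $db->prepare(
            "DELETE FROM redminedb.tokens WHERE action = 'autologin' AND user_id = ?"
        );
        $del->execute([$userId]);

        $ins = $db->prepare(
            "INSERT INTO redminedb.tokens (user_id, action, value, created_on)
             VALUES (?, 'autologin', ?, NOW())"
        );
        $ins->execute([$userId, $token]);
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }

    // The cookie value is a bearer credential for the Redmine account.
    setcookie('autologin', $token, [
        'expires'  => time() + $ttl,    // 4 hours by default, as in the step above
        'path'     => '/',
        'domain'   => $cookieDomain,    // every host under this domain receives it
        'secure'   => true,             // HTTPS only; use autologin_cookie_secure: true as well
        'httponly' => true,             // not readable from page JavaScript
        'samesite' => 'Lax',            // still sent on e-mail click-through links
    ]);
    return $token;
}

// Constructed call; the user id and domain are placeholders:
// issueRedmineAutologin($db, 42, '.yourdomain.be');
```

Call it before any output is sent, since setcookie() has to run before the response headers go out.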

That should do the trick!

Happy Redmining ;-)