HowTo configure a single sign-on into Redmine from an other App on the same server » History » Version 4
Vignesh Kumar, 2017-09-02 06:17
| 1 | 4 | Vignesh Kumar | h1. HowTo configure a single sign-on into Redmine from the other App on the same server |
|---|---|---|---|
| 2 | 1 | Patrick Ludikhuyze | |
| 3 | We had an App on our server and wanted to integrate Redmine into it. |
||
| 4 | 4 | Vignesh Kumar | We configured a LDAP authentication which made it possible for users to log in with the same username and password. |
| 5 | But I didn't much like them needing to log in again every time they needed to open Redmine helpdesk/issue tracking part of our site. |
||
| 6 | 1 | Patrick Ludikhuyze | |
| 7 | Therefore I configured my App to create an autologin token for Redmine whenever they open the Redmine menu option. |
||
| 8 | |||
| 9 | h3. Basic Steps |
||
| 10 | |||
| 11 | * Create/update Redmine user reference (e.g. update user name, forename and e-mail address every time in case they changed) |
||
| 12 | The same way LDAP authentication reads the info from my Apps tables, I now create or update the user from my App into Redmine user table. |
||
| 13 | 4 | Vignesh Kumar | This also ensures that any modification to user name and email are properly synced to Redmine long after initial creation. |
| 14 | 1 | Patrick Ludikhuyze | |
| 15 | * Configure Redmine to allow Autologin (Settings - Authentication) for the minimal 1 day |
||
| 16 | 4 | Vignesh Kumar | We also chose to not use Self-registration but that could be site specific. |
| 17 | OpenID and Rest API authentication is not required for this to work; it depends on your use of Redmine. |
||
| 18 | 1 | Patrick Ludikhuyze | |
| 19 | * Configure the use of autologin cookie also in config/configuraion.yml |
||
| 20 | 3 | Denis Savitskiy | <pre> |
| 21 | autologin_cookie_name: autologin |
||
| 22 | autologin_cookie_path: / |
||
| 23 | autologin_cookie_secure: false |
||
| 24 | </pre> |
||
| 25 | 1 | Patrick Ludikhuyze | |
| 26 | P.S. I tried renaming the cookie without immediate success but it wasn't too important for me to use an other cookie name so I didn't pursue it further. |
||
| 27 | |||
| 28 | * Delete existing autologin token from Redmine DB |
||
| 29 | 3 | Denis Savitskiy | <pre> |
| 30 | SQL> delete from redminedb.tokens where action = 'autologin' and user_id = ...; |
||
| 31 | </pre> |
||
| 32 | 1 | Patrick Ludikhuyze | |
| 33 | * Create our new autologin token into Redmine DB |
||
| 34 | Create an sha1 hash of some secret/personal variable for the user and write it into the tokens table (e.g. 4277e87755e03ca3ad3b343ede51971dec52852b) |
||
| 35 | 3 | Denis Savitskiy | <pre> |
| 36 | SQL> insert into redminedb.tokens (user_id, action, value, created_on) values (...,'autologin','4277e87755e03ca3ad3b343ede51971dec52852b',now()); |
||
| 37 | </pre> |
||
| 38 | 1 | Patrick Ludikhuyze | |
| 39 | * Create cookie with autologin token |
||
| 40 | This will be specific to your App but here's the syntax for PHP using above generated sha1 with a validity of 4 hours: |
||
| 41 | 3 | Denis Savitskiy | <pre> |
| 42 | setcookie('autologin', '4277e87755e03ca3ad3b343ede51971dec52852b', time()+60*60*4, '/', '.yourdomain.be'); |
||
| 43 | </pre> |
||
| 44 | 1 | Patrick Ludikhuyze | |
| 45 | 4 | Vignesh Kumar | Be sure the cookie domain covers both your domain and your Redmine domain (e.g. when you install in a sub-URI). |
| 46 | 1 | Patrick Ludikhuyze | |
| 47 | * Sanitise command line to forward URL arguments to Redmine |
||
| 48 | 4 | Vignesh Kumar | I also configured Redmine Host name and path (Settings - General) to point at the Redmine menu option in my App. So when Redmine sends emails, the click through URLs go through my App, request the proper login and pass the rest of the URL to Redmine. |
| 49 | 1 | Patrick Ludikhuyze | That would be site specific but shouldn't be too hard. |
| 50 | |||
| 51 | That should do the trick! |
||
| 52 | |||
| 53 | Happy Redmining ;-) |