Project

General

Profile

Actions

Feature #1131

closed

Add support for alternate (non-LDAP) authentication

Added by Mark Thomas over 16 years ago. Updated over 14 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Accounts / authentication
Target version:
Start date:
2008-04-28
Due date:
% Done:

100%

Estimated time:
Resolution:
Fixed

Description

I would like to see a way to add a custom external authenticator. Currently, the "New Authentication Modes" link assumes an LDAP source. Some more information about what I'm trying to do is here: http://www.redmine.org/boards/1/topics/show/495

Once you subclass AuthSource, there should be a way to make it visible to React so that it can be selected in the Authentication administration page.


Related issues

Related to Redmine - Feature #2356: SSO Authentication (CAS Jasig)New2008-12-18

Actions
Actions #1

Updated by Alon Bar-Lev over 16 years ago

This is also required for kerberos authentication.

If the application run under apache, it should be able to receive the user from environment.

Actions #2

Updated by Jean-Philippe Lang about 16 years ago

  • Target version deleted (0.8)
Actions #3

Updated by Alon Bar-Lev almost 16 years ago

This is simple, as I don't know ruby I cannot promis it is the best solution.
But you can have configuration option for a request variable to take the user from.
In order to support basic authentication (kerberos or SSL) under apache with mod_rails, I only had to do the following:

   # Returns the current user or nil if no user is logged in
   def find_current_user
+    if request.env["REMOTE_USER"]
+      ( User.find_by_login(request.env["REMOTE_USER"]) rescue nil)
-    if session[:user_id]
+    elsif session[:user_id]
       # existing session
       (User.active.find(session[:user_id]) rescue nil)

As [1] wanted to have a different variable... So I guess the actual string may be configurable.

This is very important for enterprise deployment, please set milestone.

Thanks!

Actions #4

Updated by Jan Ivar Beddari over 15 years ago

Very much agree.

We use this together with mod_auth_kerb

Actions #5

Updated by Renno Reinurm over 15 years ago

I'm also interested to have external authentication support using Kerberos.

Actions #6

Updated by Anthony Topper almost 15 years ago

I'd like to see Kerberos support added as well.

Actions #7

Updated by Stanislav German-Evtushenko over 14 years ago

I'm agree. It would be nice to be able to use Kerberos authentication.

Actions #8

Updated by Brian Wells over 14 years ago

I've added a custom external authenticator to Redmine by means of a plugin that modifies the Authentication Sources view to include something other than LDAP.

http://www.redmine.org/projects/redmine/wiki/Plugin_List/#Mac-OS-X-Identity-Services-plugin

It would be helpful if there was a more standard way to add a subclass of AuthSource and a custom form for it, but what I've done so far works fine.

-- Brian Wells

Actions #9

Updated by Eric Davis over 14 years ago

  • Category set to Accounts / authentication
  • Status changed from New to Closed
  • Assignee set to Eric Davis
  • Target version set to 1.0.0 (RC)
  • % Done changed from 0 to 100
  • Resolution set to Fixed

I've change AuthSource so it can now be extended to support other external auth sources (i.e. removed the LDAP assumption). An example of how to add a new AuthSource can be seen in my redmine_sso_client plugin. It adds a new AuthSource model, controller, form, and a menu item.

r3743, r3744, r3745

Actions

Also available in: Atom PDF