Feature #1131
Add support for alternate (non-LDAP) authentication
Status: | Closed | Start date: | 2008-04-28 | |
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | % Done: | 100% | ||
Category: | Accounts / authentication | |||
Target version: | 1.0.0 (RC) | |||
Resolution: | Fixed |
Description
I would like to see a way to add a custom external authenticator. Currently, the "New Authentication Modes" link assumes an LDAP source. Some more information about what I'm trying to do is here: http://www.redmine.org/boards/1/topics/show/495
Once you subclass AuthSource, there should be a way to make it visible to React so that it can be selected in the Authentication administration page.
Related issues
Associated revisions
Refactor AuthSourcesController to support non-LDAP sources. #1131
History
#1
Updated by Alon Bar-Lev over 14 years ago
This is also required for kerberos authentication.
If the application run under apache, it should be able to receive the user from environment.
#2
Updated by Jean-Philippe Lang about 14 years ago
- Target version deleted (
0.8)
#3
Updated by Alon Bar-Lev about 14 years ago
This is simple, as I don't know ruby I cannot promis it is the best solution.
But you can have configuration option for a request variable to take the user from.
In order to support basic authentication (kerberos or SSL) under apache with mod_rails, I only had to do the following:
# Returns the current user or nil if no user is logged in
def find_current_user
+ if request.env["REMOTE_USER"]
+ ( User.find_by_login(request.env["REMOTE_USER"]) rescue nil)
- if session[:user_id]
+ elsif session[:user_id]
# existing session
(User.active.find(session[:user_id]) rescue nil)
As [1] wanted to have a different variable... So I guess the actual string may be configurable.
This is very important for enterprise deployment, please set milestone.
Thanks!
#4
Updated by Jan Ivar Beddari almost 14 years ago
Very much agree.
We use this together with mod_auth_kerb
#5
Updated by Renno Reinurm over 13 years ago
I'm also interested to have external authentication support using Kerberos.
#6
Updated by Anthony Topper about 13 years ago
I'd like to see Kerberos support added as well.
#7
Updated by Stanislav German-Evtushenko over 12 years ago
I'm agree. It would be nice to be able to use Kerberos authentication.
#8
Updated by Brian Wells over 12 years ago
I've added a custom external authenticator to Redmine by means of a plugin that modifies the Authentication Sources view to include something other than LDAP.
http://www.redmine.org/projects/redmine/wiki/Plugin_List/#Mac-OS-X-Identity-Services-plugin
It would be helpful if there was a more standard way to add a subclass of AuthSource and a custom form for it, but what I've done so far works fine.
-- Brian Wells
#9
Updated by Eric Davis over 12 years ago
- Category set to Accounts / authentication
- Status changed from New to Closed
- Assignee set to Eric Davis
- Target version set to 1.0.0 (RC)
- % Done changed from 0 to 100
- Resolution set to Fixed
I've change AuthSource so it can now be extended to support other external auth sources (i.e. removed the LDAP assumption). An example of how to add a new AuthSource can be seen in my redmine_sso_client plugin. It adds a new AuthSource model, controller, form, and a menu item.