Feature #1131
closed
Add support for alternate (non-LDAP) authentication
100%
Description
I would like to see a way to add a custom external authenticator. Currently, the "New Authentication Modes" link assumes an LDAP source. Some more information about what I'm trying to do is here: http://www.redmine.org/boards/1/topics/show/495
Once you subclass AuthSource, there should be a way to make it visible to React so that it can be selected in the Authentication administration page.
Related issues
Updated by Alon Bar-Lev over 16 years ago
This is also required for kerberos authentication.
If the application run under apache, it should be able to receive the user from environment.
Updated by
Updated by Alon Bar-Lev almost 16 years ago
This is simple, as I don't know ruby I cannot promis it is the best solution.
But you can have configuration option for a request variable to take the user from.
In order to support basic authentication (kerberos or SSL) under apache with mod_rails, I only had to do the following:
# Returns the current user or nil if no user is logged in
def find_current_user
+ if request.env["REMOTE_USER"]
+ ( User.find_by_login(request.env["REMOTE_USER"]) rescue nil)
- if session[:user_id]
+ elsif session[:user_id]
# existing session
(User.active.find(session[:user_id]) rescue nil)
As [1] wanted to have a different variable... So I guess the actual string may be configurable.
This is very important for enterprise deployment, please set milestone.
Thanks!
Updated by Jan Ivar Beddari over 15 years ago
Very much agree.
We use this together with mod_auth_kerb
Updated by Renno Reinurm over 15 years ago
I'm also interested to have external authentication support using Kerberos.
Updated by Anthony Topper almost 15 years ago
I'd like to see Kerberos support added as well.
Updated by Stanislav German-Evtushenko over 14 years ago
I'm agree. It would be nice to be able to use Kerberos authentication.
Updated by Brian Wells over 14 years ago
I've added a custom external authenticator to Redmine by means of a plugin that modifies the Authentication Sources view to include something other than LDAP.
http://www.redmine.org/projects/redmine/wiki/Plugin_List/#Mac-OS-X-Identity-Services-plugin
It would be helpful if there was a more standard way to add a subclass of AuthSource and a custom form for it, but what I've done so far works fine.
-- Brian Wells
Updated by Eric Davis over 14 years ago
- Category set to Accounts / authentication
- Status changed from New to Closed
- Assignee set to Eric Davis
- Target version set to 1.0.0 (RC)
- % Done changed from 0 to 100
- Resolution set to Fixed
I've change AuthSource so it can now be extended to support other external auth sources (i.e. removed the LDAP assumption). An example of how to add a new AuthSource can be seen in my redmine_sso_client plugin. It adds a new AuthSource model, controller, form, and a menu item.