Feature #37363
openAdd native support for OIDC
0%
Description
- Support for OpenID has been dropped (see #35755)
- The only OIDC plugin only supports version 3.4.x of redmine
There is currently no way to implement SSO in current and future versions of redmine, other than creating a custom plugin, which certainly requires in-depth knowledge of ruby on rails, putting it out of reach of many.
I'm sure it would be useful to many of us redmine administrators to have redmine natively support OIDC.
Updated by Christoffer Rumohr over 2 years ago
Well there is a plugin for Redmine v5 but with no clear direction regarding the development.
See: #35755#note-13
In my opinion a native Integration is an absolute must when it comes to the future of Redmine.
Updated by Felix Singer over 2 years ago
I agree. Redmine would benefit from a native OIDC implementation. Maybe also add support for different OAuth2 providers, like Github, Gitlab or Google.
Updated by Quentin Aymard 12 months ago
- the aformentioned plugin has been updated and forked but seems incredibly buggy and undocumented.
- a new plugin is somewhat implementing provider-specific Oauth/OIDC login : https://github.com/kontron/redmine_oauth.
This lack of "modern" (OIDC is almost 10 years old already) auth protocols is really holding Redmine back : 2FA support is recent and very partial, password-strenght controls are unreliable, passkeys are nowhere to be seen in the upcoming v5/v6 features, etc.
Having native, standard OIDC support in Redmine like never before an absolute must-have. Any modern web app should avoid internal/ldap authentication, and rather use native OIDC support, paired with a dedicated identity provider (eg. Keycloak) which then can provide identity federation features from LDAP, AD, internal database, or other Oauth identity providers, but also security feature like MFA, passkeys, passwork rotation and strenght enforcement, etc.
Updated by Marco Descher 10 months ago
See my comment in https://www.redmine.org/issues/35755#note-16