Project

General

Profile

Actions

Patch #5267

closed

Allow for OpenID-only operation

Added by Jeff Mitchell over 14 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
OpenID
Target version:
-
Start date:
2010-04-07
Due date:
% Done:

0%

Estimated time:

Description

This patch against 0.9 stable branch in Git allows for an OpenID-only site. Registration links are disabled and login provides an OpenID-only option. Registration is performed via initial OpenID login.

This is useful in situations where you are running in a closed environment, where you want to use SSO via the OpenID provider, or if you are running publicly but simply prefer to keep user management to the users.


Files

openidonly.patch (4 KB) openidonly.patch Jeff Mitchell, 2010-04-07 21:35
Actions #1

Updated by Eric Davis over 14 years ago

  • Category set to Accounts / authentication
Actions #2

Updated by Anonymous over 14 years ago

If the sreg response doesn't contain a unique login, first/last names, and an email address, this patch will still respond with the registration page.

I think the correct way to approach OpenID-only operation is to make first/last name and email optional, and allow changing the login name (since it's not used for logging in any more). I want to use OpenID in the first place to allow identity with as little effort as possible, and requiring these fields erects a wall with little benefit.

Actions #3

Updated by Jeff Mitchell over 14 years ago

Isn't the login the OpenID? In which case it'll be unique.

It's true that the email address must also be unique. It does fail over to the registration page, at which point an administrator must end up approving the request. This isn't necessarily a bad thing, since the clashing emails might indicate a problem.

However, I agree with what you said in the sense that making email optional would be nice. If you have OpenID you don't really need to have email be a primary key; you can use the OpenID instead.

Actions #4

Updated by Anonymous over 14 years ago

Nope; the login is set to be the sreg "nickname". If your provider doesn't send back any sreg at all, you'll get the registration page with a confounding error about requiring a login name (and then you'll need to enter a password, etc).

I don't think it's possible to use the identity URL for the login, anyway; login names are restricted to letters, numbers, and a handful of punctuation.

There's a patch on issue #3780 that gets OpenID support closer to how it should be, by filling in dummy values when the sreg is missing something.

Actions #5

Updated by Jeff Mitchell over 14 years ago

Alex Munroe wrote:

I don't think it's possible to use the identity URL for the login, anyway; login names are restricted to letters, numbers, and a handful of punctuation.

Seems like a fixable problem.

Actions #6

Updated by Etienne Massip over 13 years ago

  • Category changed from Accounts / authentication to OpenID
Actions #7

Updated by Go MAEDA about 3 years ago

  • Status changed from New to Closed

The OpenID support has been dropped by #35755 for the upcoming Redmine 5.0.0.

Actions

Also available in: Atom PDF