Project

General

Profile

Actions

Feature #699

closed

OpenID login

Added by Antonio Tapiador about 16 years ago. Updated about 15 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Accounts / authentication
Target version:
Start date:
2008-02-20
Due date:
% Done:

100%

Estimated time:
Resolution:
Fixed

Description

Supporting OpenID login would facilitate User registration, as well as incorporating collaborators to projects.


Related issues

Related to Redmine - Feature #1237: Add support for two-factor authenticationClosedGo MAEDA2008-05-14

Actions
Related to Redmine - Feature #35755: Drop OpenID supportClosedGo MAEDA

Actions
Actions #1

Updated by Michael Pirogov about 16 years ago

Read here and here

But I'm voting for it too :)

Actions #2

Updated by Antonio Tapiador about 16 years ago

Is there any interest in a path?
I could send it

Actions #3

Updated by Antonio Tapiador about 16 years ago

.. a patch!

Actions #4

Updated by Stephanie Collett almost 16 years ago

Is there anymore traction on this? We would like this functionality as well, but would rather not break-away from the codebase.

Actions #5

Updated by Thomas Lecavelier almost 16 years ago

Antonio, you should post your patch in the patch tracker: it should interest many people.

Actions #6

Updated by Antenore Gatta over 15 years ago

I would like also to have OpenID functionality, are there any chances it will be implemented?

Thanks a lot

BR
Antenore.

Actions #7

Updated by Otto Hilska over 15 years ago

I'm also voting for this feature.

Actions #8

Updated by Jan Ivar Beddari over 15 years ago

Another vote from me. I come from an enterprise environment where OpenID could solve SSO for our internal network/intranet in one swoop, using openid-ldap on top of our existing Active Directory. This will be a lot easier to handle in the long run than integrating each and every app through apache+kerberos or ldaps.

Actions #9

Updated by Eric Davis over 15 years ago

  • Status changed from New to 7
  • Assignee set to Eric Davis

I'd like to add OpenID login and registrations in Redmine. I get several collaborators on my projects and it would make things a lot easier if they could use OpenID to signup. I'm hoping to get this into 0.8 but I'm not promising anything yet.

Actions #10

Updated by Eric Davis about 15 years ago

  • Status changed from 7 to Resolved
  • Target version set to 0.9.0
  • % Done changed from 0 to 100
  • Resolution set to Fixed

I've added OpenID support to Redmine. It's optional and by default is turned off. To turn it on, go to the Administration panel > Authentication and select the OpenID checkbox. When enabled this will allow users to login through their OpenID url.

New user registration

If a new user account tries logs in with their OpenID, the system will create a user for them and then process the account like normal (e.g. needs administrator approval or needs email confirmation).

Existing users

Existing users can edit their account ('/my/account') and add their OpenID to the identity_url field. Then they will be able to login using OpenID.

Sponser

I'd like to thank Reiner Jung of Keyboard Monkeys for sponsoring this feature. Without him, it would have been awhile before I was able to work on it.

Technical information

  • I did some refactoring to AccountController in order to reduce the duplication.
  • The openid rubygem is included in vendor/gems
  • The open_id_authentication plugin is included in vendor/plugins
  • We might want to refactor OpenID to act like an AuthSource later. Right now AuthSources are assumed to be LDAP and since I don't have a LDAP server to test with I didn't go that route and potentially break LDAP logins.

Commits

Includes commits from r2437 to r2449

Actions #11

Updated by Go MAEDA about 15 years ago

Eric Davis, thanks for your great work.
But it seems that openid rubygem in vendor/gems is not used. I saw the following error while migrating database. It was resolved after I installed ruby-openid.

$ rake db:migrate
(in /Users/maeda/NetBeansProjects/redmine)
Missing these required gems:
  ruby-openid  >= 2.0.4

You're running:
  ruby 1.8.7.5000 at /usr/local/bin/ruby
  rubygems 1.3.1 at /Users/maeda/.gem/ruby/1.8, /usr/local/lib/ruby/gems/1.8

Run `rake gems:install` to install the missing gems.

My environment:

$ ruby -v
ruby 1.8.7 (2008-11-15 revision 0) [i386-darwin9.5.1]

$ gem list rails

*** LOCAL GEMS ***

rails (2.2.2, 2.1.2, 2.1.1, 2.1.0)

$ svn info
Path: .
URL: http://redmine.rubyforge.org/svn/trunk
Repository Root: http://redmine.rubyforge.org/svn
Repository UUID: e93f8b46-1217-0410-a6f0-8f06a7374b81
Revision: 2450
Node Kind: directory
Schedule: normal
Last Changed Author: edavis10
Last Changed Rev: 2450
Last Changed Date: 2009-02-12 04:45:53 +0900 (木, 12  2 2009)

Actions #12

Updated by Eric Davis about 15 years ago

Go MAEDA wrote:

Eric Davis, thanks for your great work.
But it seems that openid rubygem in vendor/gems is not used. I saw the following error while migrating database. It was resolved after I installed ruby-openid.

Thanks, can you retry it with r2452? The open_id plugin was trying to load an older version of the gem which wasn't in vendor. I ended up changing the plugin so it used the bundled gem.

Actions #13

Updated by Go MAEDA about 15 years ago

Eric Davis wrote:

Thanks, can you retry it with r2452? The open_id plugin was trying to load an older version of the gem which wasn't in vendor. I ended up changing the plugin so it used the bundled gem.

r2452 works fine. Thanks!

Actions #14

Updated by Jean-Philippe Lang about 15 years ago

I'm pretty sad to see that this feature got integrated into the core.
IMHO, it's a marginal feature. Adding dependencies and bundling gems in vendor/plugins doesn't make the application easier to maintain.

That's exactly the kind of thing that I'd like to see implemented as a plugin. Eric, you made a great job on plugins, why didn't you give it a try ? Having a plugable authentication would be a much better solution.

Actions #15

Updated by Kevin Menard about 15 years ago

For what it's worth, I'm happy to see it in core. While not a Redmine developer, as a user it's great to have this out of the box. One of the problems I've been running into is that people just don't want to create yet another account on some random Web site (i.e., mine). I actually had a partner on an open source project opt to go with Lighthouse and Google groups because of the hurdle in creating yet another account on yet another site.

That's not to say that it couldn't work as a plugin, but I don't want to have to spend an inordinate amount of time to make the system usable. I also suspect this would get used more than the LDAP integration would by the general populace.

Actions #16

Updated by Eric Davis about 15 years ago

Jean-Philippe Lang wrote:

I'm pretty sad to see that this feature got integrated into the core.
IMHO, it's a marginal feature. Adding dependencies and bundling gems in vendor/plugins doesn't make the application easier to maintain.

I'm sorry you feel that way. I've spoken to numerous people on IRC and in real life and every one of them agreed that it would be a great feature for the core. Lowering the barrier to entry for new users makes the system as a whole easier to get started with.

That's exactly the kind of thing that I'd like to see implemented as a plugin. Eric, you made a great job on plugins, why didn't you give it a try ? Having a plugable authentication would be a much better solution.

Frankly, the authentication code is all over the place and it wouldn't be possible to have a pluggable authentication without replacing a ton of core code (thus the risk of large breaking bugs). While putting OpenID in, I managed to clean up some of the code but it's still pretty messy in there. I'd be happy to pull OpenID out to a plugin once the core can support it as a plugin. I'd propose we revisit pulling OpenID (and other features you've mentioned) out to plugins once the core has a stronger API to support them.

Kevin Menard wrote:

That's not to say that it couldn't work as a plugin, but I don't want to have to spend an inordinate amount of time to make the system usable. I also suspect this would get used more than the LDAP integration would by the general populace.

I've seen the same, OpenID is used more often in the public than LDAP (but LDAP is used more often on private intranets).

Actions #17

Updated by Eric Davis about 15 years ago

  • Status changed from Resolved to Closed

Closing as fixed. This requires database changes so it's 0.9 only and doesn't need to be merged into 0.8.x.

Actions #18

Updated by Go MAEDA over 2 years ago

Actions

Also available in: Atom PDF