Feature #699
closedOpenID login
Added by Antonio Tapiador almost 17 years ago. Updated over 15 years ago.
100%
Description
Supporting OpenID login would facilitate User registration, as well as incorporating collaborators to projects.
Related issues
Updated by Michael Pirogov almost 17 years ago
Updated by Antonio Tapiador almost 17 years ago
Is there any interest in a path?
I could send it
Updated by Stephanie Collett over 16 years ago
Is there anymore traction on this? We would like this functionality as well, but would rather not break-away from the codebase.
Updated by Thomas Lecavelier over 16 years ago
Antonio, you should post your patch in the patch tracker: it should interest many people.
Updated by Antenore Gatta over 16 years ago
I would like also to have OpenID functionality, are there any chances it will be implemented?
Thanks a lot
BR
Antenore.
Updated by Jan Ivar Beddari over 16 years ago
Another vote from me. I come from an enterprise environment where OpenID could solve SSO for our internal network/intranet in one swoop, using openid-ldap on top of our existing Active Directory. This will be a lot easier to handle in the long run than integrating each and every app through apache+kerberos or ldaps.
Updated by Eric Davis about 16 years ago
- Status changed from New to 7
- Assignee set to Eric Davis
I'd like to add OpenID login and registrations in Redmine. I get several collaborators on my projects and it would make things a lot easier if they could use OpenID to signup. I'm hoping to get this into 0.8 but I'm not promising anything yet.
Updated by Eric Davis almost 16 years ago
- Status changed from 7 to Resolved
- Target version set to 0.9.0
- % Done changed from 0 to 100
- Resolution set to Fixed
I've added OpenID support to Redmine. It's optional and by default is turned off. To turn it on, go to the Administration panel > Authentication and select the OpenID checkbox. When enabled this will allow users to login through their OpenID url.
New user registration¶
If a new user account tries logs in with their OpenID, the system will create a user for them and then process the account like normal (e.g. needs administrator approval or needs email confirmation).
Existing users¶
Existing users can edit their account ('/my/account') and add their OpenID to the identity_url field. Then they will be able to login using OpenID.
Sponser¶
I'd like to thank Reiner Jung of Keyboard Monkeys for sponsoring this feature. Without him, it would have been awhile before I was able to work on it.
Technical information¶
- I did some refactoring to AccountController in order to reduce the duplication.
- The openid rubygem is included in vendor/gems
- The open_id_authentication plugin is included in vendor/plugins
- We might want to refactor OpenID to act like an AuthSource later. Right now AuthSources are assumed to be LDAP and since I don't have a LDAP server to test with I didn't go that route and potentially break LDAP logins.
Commits¶
Updated by Go MAEDA almost 16 years ago
Eric Davis, thanks for your great work.
But it seems that openid rubygem in vendor/gems is not used. I saw the following error while migrating database. It was resolved after I installed ruby-openid.
$ rake db:migrate (in /Users/maeda/NetBeansProjects/redmine) Missing these required gems: ruby-openid >= 2.0.4 You're running: ruby 1.8.7.5000 at /usr/local/bin/ruby rubygems 1.3.1 at /Users/maeda/.gem/ruby/1.8, /usr/local/lib/ruby/gems/1.8 Run `rake gems:install` to install the missing gems.
My environment:
$ ruby -v ruby 1.8.7 (2008-11-15 revision 0) [i386-darwin9.5.1] $ gem list rails *** LOCAL GEMS *** rails (2.2.2, 2.1.2, 2.1.1, 2.1.0) $ svn info Path: . URL: http://redmine.rubyforge.org/svn/trunk Repository Root: http://redmine.rubyforge.org/svn Repository UUID: e93f8b46-1217-0410-a6f0-8f06a7374b81 Revision: 2450 Node Kind: directory Schedule: normal Last Changed Author: edavis10 Last Changed Rev: 2450 Last Changed Date: 2009-02-12 04:45:53 +0900 (木, 12 2 2009)
Updated by Eric Davis almost 16 years ago
Go MAEDA wrote:
Eric Davis, thanks for your great work.
But it seems that openid rubygem in vendor/gems is not used. I saw the following error while migrating database. It was resolved after I installed ruby-openid.
Thanks, can you retry it with r2452? The open_id plugin was trying to load an older version of the gem which wasn't in vendor. I ended up changing the plugin so it used the bundled gem.
Updated by Jean-Philippe Lang almost 16 years ago
I'm pretty sad to see that this feature got integrated into the core.
IMHO, it's a marginal feature. Adding dependencies and bundling gems in vendor/plugins doesn't make the application easier to maintain.
That's exactly the kind of thing that I'd like to see implemented as a plugin. Eric, you made a great job on plugins, why didn't you give it a try ? Having a plugable authentication would be a much better solution.
Updated by Kevin Menard almost 16 years ago
For what it's worth, I'm happy to see it in core. While not a Redmine developer, as a user it's great to have this out of the box. One of the problems I've been running into is that people just don't want to create yet another account on some random Web site (i.e., mine). I actually had a partner on an open source project opt to go with Lighthouse and Google groups because of the hurdle in creating yet another account on yet another site.
That's not to say that it couldn't work as a plugin, but I don't want to have to spend an inordinate amount of time to make the system usable. I also suspect this would get used more than the LDAP integration would by the general populace.
Updated by Eric Davis almost 16 years ago
Jean-Philippe Lang wrote:
I'm pretty sad to see that this feature got integrated into the core.
IMHO, it's a marginal feature. Adding dependencies and bundling gems in vendor/plugins doesn't make the application easier to maintain.
I'm sorry you feel that way. I've spoken to numerous people on IRC and in real life and every one of them agreed that it would be a great feature for the core. Lowering the barrier to entry for new users makes the system as a whole easier to get started with.
That's exactly the kind of thing that I'd like to see implemented as a plugin. Eric, you made a great job on plugins, why didn't you give it a try ? Having a plugable authentication would be a much better solution.
Frankly, the authentication code is all over the place and it wouldn't be possible to have a pluggable authentication without replacing a ton of core code (thus the risk of large breaking bugs). While putting OpenID in, I managed to clean up some of the code but it's still pretty messy in there. I'd be happy to pull OpenID out to a plugin once the core can support it as a plugin. I'd propose we revisit pulling OpenID (and other features you've mentioned) out to plugins once the core has a stronger API to support them.
Kevin Menard wrote:
That's not to say that it couldn't work as a plugin, but I don't want to have to spend an inordinate amount of time to make the system usable. I also suspect this would get used more than the LDAP integration would by the general populace.
I've seen the same, OpenID is used more often in the public than LDAP (but LDAP is used more often on private intranets).
Updated by Eric Davis over 15 years ago
- Status changed from Resolved to Closed
Closing as fixed. This requires database changes so it's 0.9 only and doesn't need to be merged into 0.8.x.
Updated by Go MAEDA almost 3 years ago
- Related to Feature #35755: Drop OpenID support added