HowTo configure a single sign-on into Redmine from an other App on the same server » History » Version 4

Vignesh Kumar, 2017-09-02 06:17

h1. HowTo configure a single sign-on into Redmine from another App on the same server

We had an App on our server and wanted to integrate Redmine into it.
We configured LDAP authentication, which made it possible for users to log in with the same username and password.
But I didn't much like them needing to log in again every time they needed to open the Redmine helpdesk/issue tracking part of our site.

Therefore I configured my App to create an autologin token for Redmine whenever they open the Redmine menu option.

h3. Basic Steps

* Create/update Redmine user reference (e.g. update user name, forename and e-mail address every time in case they changed)
  The same way LDAP authentication reads the info from my App's tables, I now create or update the user from my App into the Redmine user table.
  This also ensures that any modifications to user name and email are properly synced to Redmine long after initial creation.

* Configure Redmine to allow Autologin (Settings - Authentication) for the minimum of 1 day
  We also chose not to use Self-registration, but that could be site specific.
  OpenID and REST API authentication are not required for this to work; that depends on your use of Redmine.

* Also configure the autologin cookie in config/configuration.yml

<pre>
autologin_cookie_name: autologin
autologin_cookie_path: /
# set to true if Redmine is served only over HTTPS (adds the Secure flag to the cookie)
autologin_cookie_secure: false
</pre>

  P.S. I tried renaming the cookie without immediate success, but it wasn't too important for me to use another cookie name so I didn't pursue it further.

* Delete the existing autologin token from the Redmine DB

<pre>
SQL> delete from redminedb.tokens where action = 'autologin' and user_id = ...;
</pre>

* Create our new autologin token in the Redmine DB
  Create a SHA-1 hash of some secret/personal variable for the user and write it into the tokens table (e.g. 4277e87755e03ca3ad3b343ede51971dec52852b)

<pre>
SQL> insert into redminedb.tokens (user_id, action, value, created_on) values (...,'autologin','4277e87755e03ca3ad3b343ede51971dec52852b',now());
</pre>

* Create cookie with autologin token
  This will be specific to your App, but here's the syntax for PHP using the SHA-1 generated above with a validity of 4 hours:

<pre>
// arguments: cookie name, token value, expiry (now + 4 hours), path, domain
setcookie('autologin', '4277e87755e03ca3ad3b343ede51971dec52852b', time()+60*60*4, '/', '');
</pre>

  Be sure the cookie domain covers both your domain and your Redmine domain (e.g. when you install in a sub-URI).

* Sanitise command line to forward URL arguments to Redmine
  I also configured the Redmine Host name and path (Settings - General) to point at the Redmine menu option in my App. So when Redmine sends emails, the click-through URLs go through my App, request the proper login and pass the rest of the URL to Redmine.
  That would be site specific but shouldn't be too hard.
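
The delete, insert and cookie steps above combined into one PHP function, as an added example that is not part of the original page. It assumes a PDO connection to the MySQL server holding @redminedb@ and a site served over HTTPS, and it swaps the SHA-1 of a per-user value for 20 random bytes, so the token cannot be derived from anything known about the user; @issue_redmine_autologin@ and its parameters are hypothetical names.

```php
<?php
// Added example, not code from the original page.
// Assumptions: schema "redminedb" as in the SQL above, caller-supplied PDO
// connection (MySQL), site served over HTTPS, PHP 7.3 or later.

function issue_redmine_autologin(PDO $db, int $redmineUserId, int $ttlSeconds = 14400): string
{
    // Make failed statements throw so the transaction below can roll back.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // 20 random bytes -> 40 hex characters: same shape as a SHA-1 digest,
    // but unpredictable and different on every call.
    $token = bin2hex(random_bytes(20));

    $db->beginTransaction();
    try {
        // Step "delete the existing autologin token": older cookies stop working.
        $del = $db->prepare(
            "DELETE FROM redminedb.tokens WHERE action = 'autologin' AND user_id = ?"
        );
        $del->execute([$redmineUserId]);

        // Step "create our new autologin token"; bound parameters, no string building.
        $ins = $db->prepare(
            "INSERT INTO redminedb.tokens (user_id, action, value, created_on)
             VALUES (?, 'autologin', ?, NOW())"
        );
        $ins->execute([$redmineUserId, $token]);
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }

    // Step "create cookie with autologin token" (4 hours by default).
    setcookie('autologin', $token, [
        'expires'  => time() + $ttlSeconds,
        'path'     => '/',
        'secure'   => true,   // only sent over HTTPS
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',
    ]);

    return $token;
}
```

Call it before any output is sent, since @setcookie@ has to run before the response headers go out.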

That should do the trick!

Happy Redmining ;-)