Redmine is is a flexible project management web application. Written using the Ruby on Rails framework, it is cross-platform and cross-database.
It can be configured to authenticate users with OpenID Connect with a plugin.
Make sure you have already enabled OpenID Connect on your LemonLDAP::NG server.
Make sure you have generated a set of signing keys in
OpenID Connect Service
» Security
» Keys
You also need to set a Signing key ID to a non-empty value of your choice.
Then, add a Relaying Party with the following configuration:
my_client_id
my_client_secret
https://my_redmine_server/oic/local_login
On
RS512
https://my_redmine_server/oic/local_logout
Define exported attributes:
email
family_name
given_name
name
nickname
: the user loginTo transfer groups:
member_of
exported attribute as an arraygroups
whith value member_of
member_of
which will return ["admin"]
is user is administrator and ["user"]
else.Install OpenID Connect plugin.
Go in Redmine admin console and configure the OpenID Connect plugin:
my_client_id
https://auth.example.com/
my_client_secret
openid profile email groups
admin
Attention
A bug has been reported, you must apply a patch if you transfer groups.
Note
To bypass SSO, you can connect to https://my_redmine_server/login?local_login=true