Plugin features «Single auth»
How the SSO plugin transparently authenticates a user against a Microsoft Active Directory domain controller.
- When the user tries to log in to Redmine, the browser sends the web server information about the user logged into the system.
- The web server's NTLM module (for example, mod_ntlm for Apache) contacts the LDAP/AD server specified in its settings and asks it to authenticate the user in the domain.
- The domain controller authenticates the user, and the web server's authentication module places the user's login in a secure server variable.
- The Redmine «SSO» plugin reads the user's login from that variable and authorizes the user in Redmine.
- If the user does not exist in Redmine and on-the-fly user creation is enabled, the account is created automatically and the user is forwarded to their user page.
How to install a plugin for transparent authentication in Redmine
- Make sure that your server meets the following system requirements:
|Guaranteed||Apache + passenger + mod_ntlm||3.0, 3.1, 3.2||3.2, 4.2||PostgreSQL, MySQL||Chrome, Firefox,
|Should work||Any Web-server with NTLM authentication||> 3.2||> 2.2||x||ActiveRecord compatible DB||Any modern browser|
- Open the archive with the plugin and select the folder that matches your Redmine version.
- Copy the contents of the selected folder to the «plugins» folder of «Redmine».
- Ensure that the user under which you run the web server has access to the root installation folder of «Redmine».
As a possible solution on UNIX operating systems, run the following commands:

    sudo chmod 775 -R your_redmine_root_folder
    # chown expects owner:group, in that order
    sudo chown -R your_web_server_user:your_web_server_group your_redmine_folder

- Run `bundle install` to install missing gems (run the command from the root installation folder of «Redmine»).
- Run the plugin migrations (run the command from the root installation folder of «Redmine»):
rake redmine:plugins:migrate RAILS_ENV=production
- Open the Apache virtual host configuration file and configure NTLM authentication for the mod_ntlm module.
- IMPORTANT! NTLM authentication should be applied only to the /login resource of your Redmine server. Otherwise, Redmine will be slowed down by continual calls to the LDAP server.

    <VirtualHost *:80>
        ServerName redmine.corporation.com
        ServerAlias redmine
        ServerAdmin firstname.lastname@example.org
        DocumentRoot /var/www/redmine/public
        Options Indexes ExecCGI FollowSymLinks
        PassengerResolveSymlinksInDocumentRoot on
        RailsEnv development
        RailsBaseURI /
        <Directory /var/www/redmine/public>
            AllowOverride all
            Options -MultiViews
        </Directory>
        <Location /login>
            AuthType NTLM
            NTLMAuth on
            NTLMAuthoritative on
            NTLMDomain CORPORATION.COM
            NTLMServer corp-dc1.corporation.com
            NTLMBackup corp-dc2.corporation.com
            require valid-user
        </Location>
    </VirtualHost>

- Restart the Apache web server:
sudo service apache2 restart
Go to the «SSO» plugin settings and specify the server variable that holds the login of the authenticated user (by default, «REMOTE_USER»).
Configure the other plugin behavior settings as you see fit and save the settings.
Go to the «LDAP authentication» section of the Redmine settings and configure the connection to your LDAP server.
Enable the «On-the-fly user creation» parameter if you want users to be created automatically in Redmine from their LDAP account at first logon.
It is important to set the correct LDAP attributes for the user's surname, first name, e-mail and login. Also check that the OU you have set is correct. All your users must be in the specified OU.
Adjust the general rules of authentication in Redmine.
In our own system we use such authentication settings in Redmine, but you can change them according to your requirements.
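
The plugin authorizes whatever login it finds in the configured server variable, so that variable must be one that only the web server's authentication module can set. As an added example (not the plugin's own code), this Ruby function reads the login from a Rack environment, refuses `HTTP_*` variable names because Rack fills those from client request headers, and normalises a domain-qualified value. The names `sso_login` and `allowed_domains`, the login format and the sample values are assumptions.

```ruby
# Added example (not the SSO plugin's code). Names below are hypothetical.

# Rack exposes client request headers under the HTTP_ prefix, so an HTTP_*
# name is client-controlled and must never be chosen as the SSO variable.
CLIENT_CONTROLLED = /\AHTTP_/i
# Assumption: logins look like sAMAccountName values (letters, digits, . _ -).
LOGIN_FORMAT = /\A[a-z0-9][a-z0-9._-]{0,63}\z/

# Returns the bare lowercase login, or nil when no trustworthy identity exists.
#   variable:        server variable chosen in the plugin settings
#   allowed_domains: domains accepted in DOMAIN\user or user@domain form
def sso_login(env, variable: "REMOTE_USER", allowed_domains: [])
  if variable.match?(CLIENT_CONTROLLED)
    raise ArgumentError, "#{variable} comes from a client request header"
  end

  raw = env[variable].to_s.strip
  return nil if raw.empty?

  # Assumption: the module may hand over a bare or a domain-qualified login.
  domain, login =
    if raw.include?("\\") then raw.split("\\", 2)
    elsif raw.include?("@") then raw.split("@", 2).reverse
    else [nil, raw]
    end

  # A domain-qualified login is accepted only for an explicitly listed domain.
  return nil if domain && !allowed_domains.map(&:downcase).include?(domain.downcase)

  login = login.downcase
  login.match?(LOGIN_FORMAT) ? login : nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample environment: the second key is what a client could
  # send as a "Remote-User:" request header; it is ignored.
  env = { "REMOTE_USER" => "CORPORATION\\JSmith", "HTTP_REMOTE_USER" => "admin" }
  p sso_login(env, allowed_domains: ["CORPORATION"])
end
```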