Free
Free Redmine plugin, developed by RM+ team

«Single auth» — plugin for Redmine

Plugin that implements an opportunity of transparent authentication and allows the flexibility to handle security and user authentication in a corporate environment based on Ldap and Active Directory.

 

Plugin features «Single auth»


Implements a transparent user authentication based on the accounts of side authentication server (for example, a domain controller Microsoft active directory) and eliminates the need to enter a password when logging in Redmine.
Allows to display a splash screen that prevents viewing information from the screen, if the user moved away, forgetting lock the computer.
Allows automatic user logout by timeout.
Allows to increase security with two-factor authentication by sending SMS-messages with one-time password (Requires plugin «Hierarchy», and the corporate server of sending SMS-messages).

 
 
 
 

How SSO plugin transparently authenticates user with a domain controller Microsoft Active Directory.

  1. When the user tries to log in Redmine, the browser sends to the web-server information about the user logged into the system.
  2. NTLM-module of web-server (for example, mod_ntlm for Apache server) applies to settings specified in LDAP/AD-server asking for user authentication in a domain.
  3. The domain controller authenticates the user, the authentication module of web-server transmits the user login to a secure server variable.
  4. Redmine plugin «SSO», receives value of the user's login and authorizes it in Redmine.
  5. If the user does not exist in the system, and the ability to create a user on-the-fly is on, it will be automatically created and forwarded to the user's page.

How to install a plugin for transparent authentication in Redmine

  1. Make sure that your server meets the following system requirements:
Web-server Redmine Ruby Rails Database The Browser
Guaranteed Apache + passenger + mod_ntlm 3.0, 3.1, 3.2 1.9.3, 2.0, 2.1, 2.2 3.2, 4.2 PostgreSQL, MySQL Chrome, Firefox, Internet explorer 9, 10
Should work Any Web-server with NTLM authentication > 3.2 > 2.2 x ActiveRecord compatible DB Any modern browser
  1. Open the archive with the plugin and select the folder that match to your Redmine version.
  2. Copy contents of the selected folder to the folder «Redmine» — «plugins».
  3. Ensure that the user, under which you run the web-server, has access to the root installation folder of «Redmine».
    As possible solution for UNIX operating systems, run the following commands:
        sudo chmod 775 -R your_redmine_root_folder
        sudo chown -R your_web_server_group:your_web_server_user your_redmine_folder
  1. Run `bundle install` to install missing gems (make sure performing command in the root installation folder of «Redmine»):
        bundle install
  1. Perform plugin migrations (make sure performing command in the root installation folder of «Redmine»):
        rake redmine:plugins:migrate RAILS_ENV=production
  1. Open Apache virtual host configuration file and configure settings for NTLM authentication of module mod_ntlm.
  • IMPORTANT! NTLM authentication should occur only on the resource /login of your Redmine server. Otherwise, Redmine work will be slowed by continual calls to to the LDAP-server.
          <VirtualHost *:80>

              ServerName redmine.corporation.com
              ServerAlias redmine
              ServerAdmin admin@server.com
              DocumentRoot /var/www/redmine/public
              Options Indexes ExecCGI FollowSymLinks
              PassengerResolveSymlinksInDocumentRoot on
              RailsEnv development
              RailsBaseURI /

              <Directory /var/www/redmine/public>
                  AllowOverride all
                  Options -MultiViews
              </Directory>
              
              <Location /login>
                  AuthType NTLM
                  NTLMAuth on
                  NTLMAuthoritative on
                  NTLMDomain CORPORATION.COM
                  NTLMServer corp-dc1.corporation.com
                  NTLMBackup corp-dc2.corporation.com
                  require valid-user
              </Location>

          </VirtualHost>
        
  1. Restart Apache web-server.:
        sudo service apache2 restart

Redmine settings

  • Go to the «SSO» plugin settings and specify the server variable, which must maintain login of the authenticated user (by default, «REMOTE_USER»).

  • Configure other settings of plugin behavior on your own and save the settings.

  • Go to Redmine settings to section «LDAP authentication» and configure connection to your LDAP-server.

  • Set parameter «On-the-fly user creation», if you want the user to be created automatically in Redmine based on LDAP account at first logon.

  • It is important to set correct attributes for the surname, first name, e-mail and the user's login in LDAP. Also check the correctness of the OU, which you have set. All your users must be in the specified OU.

  • Adjust the general rules of authentication in Redmine.

  • In our own system we use such authentication settings in Redmine, but you can change them according to your requirements.


«Clear Plan» — plugin for easy operational planning and control of execution in Redmine.

We recommend to use together with

«Clear Plan» — plugin for Redmine

«Clear Plan» — plugin for easy operational planning and control of execution in Redmine.


Try Clear Plan for Free