Redmine is is a flexible project management web application. Written using the Ruby on Rails framework, it is cross-platform and cross-database.
It can be configured to authenticate users with OpenID Connect with a plugin.
Make sure you have already enabled OpenID Connect on your LemonLDAP::NG server.
Make sure you have generated a set of signing keys in
OpenID Connect Service »
You also need to set a Signing key ID to a non-empty value of your choice.
Then, add a Relaying Party with the following configuration:
- Options » Basic » Client ID : choose a client ID, such as
- Options » Basic » Client Secret : choose a client secret, such as
- Options » Basic » Allowed redirection address :
- Options » Advanced » Force claims to be returned in ID Token :
- Options » Security » ID Token Signature Algorithm :
- Options » Logou( » Allowed redirection address for logout :
Define exported attributes:
nickname: the user login
To transfer groups:
member_ofexported attribute as an array
- Declare a new scope named
- Create a local macro
member_ofwhich will return
["admin"]is user is administrator and
Install OpenID Connect plugin.
Go in Redmine admin console and configure the OpenID Connect plugin:
- Enabled: check the box
- Client ID:
- OpenID Connect server url:
- Client Secret:
- OpenID Connect scopes:
openid profile email groups
- Authorized group: leave blank
- Admins group:
- How often to retrieve openid configuration: leave blank
- Disable Ssl Validation: uncheck the box
- Login Selector: uncheck the box
- Create user if not exists: check the box
- Users from the following auth sources will be required to login with SSO: do not select anythin
A bug has been reported, you must apply a patch if you transfer groups.
To bypass SSO, you can connect to https://my_redmine_server/login?local_login=true