Redmine is is a flexible project management web application. Written using the Ruby on Rails framework, it is cross-platform and cross-database.
It can be configured to authenticate users with OpenID Connect with a plugin.
Make sure you have already enabled OpenID Connect on your LemonLDAP::NG server.
Make sure you have generated a set of signing keys in
OpenID Connect Service »
You also need to set a Signing key ID to a non-empty value of your choice.
Then, add a Relaying Party with the following configuration:
Options » Basic » Client ID : choose a client ID, such as
Options » Basic » Client Secret : choose a client secret, such as
Options » Basic » Allowed redirection address :
Options » Advanced » Force claims to be returned in ID Token :
Options » Security » ID Token Signature Algorithm :
Options » Logou( » Allowed redirection address for logout :
Define exported attributes:
nickname: the user login
To transfer groups:
member_ofexported attribute as an array
Declare a new scope named
Create a local macro
member_ofwhich will return
["admin"]is user is administrator and
Install OpenID Connect plugin.
Go in Redmine admin console and configure the OpenID Connect plugin:
Enabled: check the box
OpenID Connect server url:
OpenID Connect scopes:
openid profile email groups
Authorized group: leave blank
How often to retrieve openid configuration: leave blank
Disable Ssl Validation: uncheck the box
Login Selector: uncheck the box
Create user if not exists: check the box
Users from the following auth sources will be required to login with SSO: do not select anythin
A bug has been reported, you must apply a patch if you transfer groups.
To bypass SSO, you can connect to https://my_redmine_server/login?local_login=true