redmine omniauth oauth cas

CAS OAuth2 plugin/client for Redmine. It allows authentication and creation of users in Redmine using Apereo CAS 5+ as OAuth provider.

pbelikov
6
4
Ruby

Rate at redmine.org

This plugin is no longer maintained. Please, feel free to fork and update šŸ˜ƒ

Redmine omniauth OAuth2 / CAS / ISU

This plugin is used to authenticate Redmine users using CAS OAuth2 provider (ā€œAuthorization Codeā€ grant type).
It is primarily intended to work with ITMO university ISU system https://isu.ifmo.ru.

Version of CAS: 5.0

Version of Redmine: 3.2.3 (as of publish date, other versions should work as well), 3.3, 3.3.2

Features

  • login
  • logout
  • automatic user creation

Installation

  1. Download the plugin and install required gems:
cd /path/to/redmine/plugins
git clone https://github.com/pbelikov/redmine-omniauth-oauth-cas.git
mv redmine-omniauth-oauth-cas redmine_omniauth_isu
cd /path/to/redmine
bundle install

  1. IMPORTANT! Plugin is used to work without proxy and to override issues with SSL-certificate.
    So, if you use proxy, please go to app/controllers/redmine_oauth_controller.rb and comment line 7
    (which disables proxy). And if your SSL is OK, go to the same file and comment code in line 5 and part of code in line 39.
    Yes, I know that this is BAD codestyle, but itā€™ll work for sure.

  2. Restart the app

touch /path/to/redmine/tmp/restart.txt

Configuration

  • Login as a user with administrative privileges.
  • In top menu select ā€œAdministrationā€.
  • Click ā€œPluginsā€
  • In plugins list, click ā€œConfigureā€ in the row for ā€œRedmine Omniauth ISU pluginā€
  • Enter CAS URL
  • Enter the Š”lient ID & Client Secret, which you entered for your CAS Service (see more here).
  • Check the box near ā€œOauth authenticationā€
  • Click Apply.

Users can now use their CASified Account to log in to your instance of Redmine.

Authentication Workflow

  1. An unauthenticated user requests the URL to your Redmine instance.
  2. User clicks the ā€œLogin via ā€¦ā€ buton.
  3. The plugin redirects them to a CAS sign in page if they are not already signed in to their CAS account.
  4. CAS redirects user back to Redmine, where the CAS OAuth pluginā€™s controller takes over.

Profile format

User information in CAS /cas/oauth2.0/profile for successful login or creation of user has following format:

{
    "attributes": {
        "redmine_login":"ivan",
        "redmine_attrs":"Ivan|Ivanov|[email protected]"
    },
    "id": 123456789
}

Additional info

This plugin overrides Redmineā€™s autoregistration feature so user is created automatically if all required fields
are provided (login, firstname, lastname, email). Uniqueness of user is checked against login.

Known issues

Unfortunately, this plugin somehow conflicts with another plugin, called ā€œRedmine Wiki Extensions Pluginā€ by r-labs.

Inspiration

This plugin is inspired by twinslash plugin Redmine omniauth google.

Contribution

Please do not hesitatate to contribute to this project. As I know, there is still no official CAS OAuth2 (as client) support in Redmine, so maybe this plugin could help many people. Also I know that code of this plugin is far from good, maybe you could use your Ruby skills to make it better.