Skip to content
This repository has been archived by the owner on Jun 22, 2018. It is now read-only.
/ redmine_ssl_auth Public archive
forked from koke/redmine_ssl_auth

Enable authentication in Redmine using SSL client certificates

Notifications You must be signed in to change notification settings

mlocher/redmine_ssl_auth

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Redmine SSL auth plugin

This redmine plugin enables authentication using SSL client certificates

Usage

It’s very simple

  • Install the plugin: ruby script/plugin install git://github.com/koke/redmine_ssl_auth.git

  • Configure apache for SSL authentication (see Configuration)

  • Visit YOURSITE/login and it will login automatically

Notes

  • This plugin expects the CN of the certificate to be an email address

  • A user with that email address should exist in the database

  • This doesn’t check any password, so implement certificate verification in Apache

  • You can visit /login?skip_ssl=1 to skip SSL authentication and do regular login

Configuration

Nice tutorial: www.vanemery.com/Linux/Apache/apache-SSL.html

In my case, I find this to be the configuration I wanted

SSLEngine on
SSLProtocol all 
SSLCipherSuite HIGH:MEDIUM

SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
SSLCACertificateFile /etc/apache2/ssl/ca.crt

SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
SSLOptions +FakeBasicAuth

<Location /login/ssl>
  SSLVerifyClient require
</Location>

<Location />
   AuthName "eBox HQ"
   AuthType Basic
   AuthUserFile /etc/apache2/passwd/team
   #Require valid-user
</Location>

By making SSLVerifyClient optional and commenting Require valid-user, it’s possible to login without a certificate, using the regular login/password. A link is shown in the login form to require SSL authentication, see the Location /login/ssl section in the apache configuration.

If you want to force your users to use certificates, change SSLVerifyClient to require and uncomment Require valid-user

Questions

To [email protected]

Please, don’t ask about apache configuration. I don’t know much more than it’s already here. Email about the plugin (bugs, patches, suggestions, …) is welcome :)

About

Enable authentication in Redmine using SSL client certificates

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Ruby 100.0%