An AuthSource subclass for Redmine to allow logging in via Gmail and/or Hosted Google Apps accounts

Google ClientLogin Authentication for Redmine

NOTE: This is still in a very early, non-stable state (i.e., it may break without warning or reason).


First of all, you may need to install the Google Data APIs Ruby Utility Library. I've verified this code works with versions of the gem as early as 1.1.0.

sudo gem install gdata

Next, insert a new record into your Redmine's auth_sources table. An example insert can be found in the included auth_source.sql file. Items of note in said SQL include:

  • account - The default domain to authenticate against, for example a Google Apps hosted domain
  • base_dn - The accountType that we should use for authenticating, see ClientLogin documentation for more details
  • onthefly_register - Yes, if this source authenticates the user then Redmine should create an internal record for them (w/o password info)

Finally, place the included auth_source_clientlogin.rb file in your Redmine codebase under app/models/ and restart Redmine.

But wait...Something's not working!

If you have followed the above instructions, check any known issues. If that doesn't shed any light, please feel free to file a new issue.

What if I already have users set up with the built-in authentication?

Changing their authentication method is fairly trivial if my experience is any indication. That said, it does require some direct changes to your backend database, so before you try this you should make a complete and current backup of your database if you don't already have one. I shall repeat this because it bears repeating: you should make a complete and up-to-date backup of your Redmine database before doing any of the following steps!

First things first, the user(s) you're meddling with should have their email address in Redmine set to a Gmail or Google Apps address that supports the ClientLogin protocol.

Now, assuming you've installed our new AuthSource subclass, we need its unique id from the auth_sources table. We can get this with a simple SQL query:

mysql> SELECT id FROM auth_sources WHERE type='AuthSourceClientLogin';
+----+
| id |
+----+
|  1 |
+----+
1 row in set

Now, for the user(s) we're going to modify, we'll need to change the login field to their current email address, clear their hashed_password, and set their auth_source_id to the value we retrieved in the previous step:

mysql> UPDATE users SET login=mail, hashed_password='', auth_source_id=1 WHERE login='evan';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

The user(s) in question should now be able to log in with their Google-hosted email address and password! Note that their username has actually changed from whatever it was before to their full email address!
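
The same migration with pre-checks and a rollback path, as an added example that is not part of the project's own files. It assumes MySQL with InnoDB tables (so the transaction can be undone) and reuses the table names, column names and sample login 'evan' shown above.

```sql
-- Added example, not project code. Assumes MySQL + InnoDB; 'evan' is the
-- sample login from the UPDATE statement above.

-- 1. Resolve the auth source id once instead of hard-coding it.
--    If no row matches, @clientlogin_id stays NULL and step 4 changes nothing.
SELECT id INTO @clientlogin_id
FROM auth_sources
WHERE type = 'AuthSourceClientLogin'
LIMIT 1;

-- 2. Preview the row that will change. An empty mail value would leave the
--    account with neither a usable login nor a local password.
SELECT id, login, mail, auth_source_id
FROM users
WHERE login = 'evan';

-- 3. Collision check: after the change, login = mail. Any row returned here
--    means another account already uses that address as its login.
SELECT u.id, u.login, u.mail, other.id AS conflicting_user_id
FROM users u
JOIN users other ON other.login = u.mail AND other.id <> u.id
WHERE u.login = 'evan';

-- 4. Apply the change inside a transaction, guarded against the cases above.
START TRANSACTION;

UPDATE users
SET login = mail,
    hashed_password = '',
    auth_source_id = @clientlogin_id
WHERE login = 'evan'
  AND mail IS NOT NULL AND mail <> ''
  AND @clientlogin_id IS NOT NULL;

-- 5. Verify: every migrated user should have login = mail and no local hash.
SELECT id, login, mail, hashed_password, auth_source_id
FROM users
WHERE auth_source_id = @clientlogin_id;

-- 6. Keep the change only if step 5 looks right; otherwise run ROLLBACK.
COMMIT;
```

Run the statements one at a time in the mysql client so the output of steps 2, 3 and 5 can be inspected before COMMIT.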