SAML e additional plugins.
This commit is contained in:
parent
3255e73e01
commit
39305e766c
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
redmine_major_version: 4
|
redmine_major_version: 4
|
||||||
redmine_minor_version: 2
|
redmine_minor_version: 2
|
||||||
redmine_patch_version: 0
|
redmine_patch_version: 10
|
||||||
redmine_load_balanced: False
|
redmine_load_balanced: False
|
||||||
redmine_load_balanced_main_instance: True
|
redmine_load_balanced_main_instance: True
|
||||||
redmine_version: '{{ redmine_major_version }}.{{ redmine_minor_version }}.{{ redmine_patch_version }}'
|
redmine_version: '{{ redmine_major_version }}.{{ redmine_minor_version }}.{{ redmine_patch_version }}'
|
||||||
|
@ -162,6 +162,34 @@ rm_openid_connect_plugin_url: https://github.com/devopskube/redmine_openid_conne
|
||||||
rm_openid_connect_plugin: False
|
rm_openid_connect_plugin: False
|
||||||
rm_dashboard_plugin_url: https://github.com/akpaevj/dashboard.git
|
rm_dashboard_plugin_url: https://github.com/akpaevj/dashboard.git
|
||||||
rm_dashboard_plugin: False
|
rm_dashboard_plugin: False
|
||||||
|
rm_additionals_plugin: false
|
||||||
|
rm_additionals_plugin_url: "https://github.com/AlphaNodes/additionals.git"
|
||||||
|
rm_additionals_plugin_branch: stable
|
||||||
|
rm_saml_plugin: false
|
||||||
|
rm_saml_plugin_url: "https://github.com/alphanodes/redmine_saml.git"
|
||||||
|
rm_saml_branch: stable
|
||||||
|
rm_saml_entity_id: 'redmine_saml'
|
||||||
|
rm_saml_assertion_consumer_service_url: "http://redmine.local/auth/saml/callback"
|
||||||
|
rm_saml_issuer: "https://redmine.local/auth/saml/metadata"
|
||||||
|
rm_saml_single_logout_service_url: "https://redmine.local/auth/saml/sls"
|
||||||
|
rm_saml_idp_sso_target_url: "https://idp.local/auth/realms/realm/protocol/saml"
|
||||||
|
rm_saml_idp_cert: "cert string without begin and end sections"
|
||||||
|
# Use "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" for the email
|
||||||
|
rm_saml_name_identifier_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
|
||||||
|
rm_saml_signout_url: "https://idp.local/auth/realms/realm/protocol/saml"
|
||||||
|
rm_saml_idp_slo_target_url: "https://idp.local/auth/realms/realm/protocol/saml"
|
||||||
|
rm_saml_attribute_mapping:
|
||||||
|
- name: login
|
||||||
|
value: "extra|raw_info|username"
|
||||||
|
- name: mail
|
||||||
|
value: "extra|raw_info|email"
|
||||||
|
- name: firstname
|
||||||
|
value: "extra|raw_info|first_name"
|
||||||
|
- name: lastname
|
||||||
|
value: "extra|raw_info|last_name"
|
||||||
|
- name: admin
|
||||||
|
value: "extra|raw_info|admin"
|
||||||
|
|
||||||
# Used by unicorn
|
# Used by unicorn
|
||||||
unicorn_listen_port: 4000
|
unicorn_listen_port: 4000
|
||||||
unicorn_listen_address: 127.0.0.1
|
unicorn_listen_address: 127.0.0.1
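Review bot: `rm_saml_assertion_consumer_service_url` defaults to `http://redmine.local/...` while the neighbouring `rm_saml_issuer` and `rm_saml_single_logout_service_url` defaults are `https://`; the ACS URL is the endpoint the IdP posts the signed assertion to, so it is the one default a deployer is most likely to leave untouched and least able to afford in plain HTTP. Change it to `rm_saml_assertion_consumer_service_url: "https://redmine.local/auth/saml/callback"`. `rm_saml_idp_cert` ships a placeholder sentence as a live default, so enabling `rm_saml_plugin` without overriding it renders an unusable `idp_cert` into the initializer silently; leaving it undefined should instead make the template task fail at render time. The default `rm_saml_attribute_mapping` maps the IdP's `admin` attribute straight onto the Redmine admin flag, which is a deliberate trust decision worth a comment such as `# the IdP-supplied "admin" attribute controls Redmine admin; drop this entry if the IdP should not grant it`. The new booleans use lowercase `false` where the rest of the file uses `False`; both are valid YAML, but the file should settle on one.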
|
||||||
|
|
|
@ -37,7 +37,7 @@
|
||||||
tags: [ 'redmine', 'redmine_plugins', 'rm_ldap_sync' ]
|
tags: [ 'redmine', 'redmine_plugins', 'rm_ldap_sync' ]
|
||||||
|
|
||||||
- name: Redmine login audit plugin
|
- name: Redmine login audit plugin
|
||||||
ansible.builtin.ansible.builtin.git:
|
ansible.builtin.git:
|
||||||
repo: '{{ rm_login_audit_url }}'
|
repo: '{{ rm_login_audit_url }}'
|
||||||
dest: '{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/plugins/redmine_login_audit'
|
dest: '{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/plugins/redmine_login_audit'
|
||||||
update: false
|
update: false
|
||||||
|
@ -300,6 +300,17 @@
|
||||||
when: rm_omniauth_plugin
|
when: rm_omniauth_plugin
|
||||||
tags: [ 'redmine', 'redmine_plugins', 'rm_oauth', 'rm_omniauth' ]
|
tags: [ 'redmine', 'redmine_plugins', 'rm_oauth', 'rm_omniauth' ]
|
||||||
|
|
||||||
|
- name: Remove the omniauth Oauth plugin
|
||||||
|
ansible.builtin.file:
|
||||||
|
dest: "{{ item }}"
|
||||||
|
state: absent
|
||||||
|
loop:
|
||||||
|
- "{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/plugins/redmine_omniauth_client"
|
||||||
|
- "{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/public/plugin_assets/redmine_omniauth_client"
|
||||||
|
notify: Reload unicorn
|
||||||
|
when: not rm_omniauth_plugin
|
||||||
|
tags: ['redmine', 'redmine_plugins', 'rm_oauth', 'rm_omniauth']
|
||||||
|
|
||||||
- name: Install the OpenId connect plugin
|
- name: Install the OpenId connect plugin
|
||||||
ansible.builtin.git:
|
ansible.builtin.git:
|
||||||
repo: '{{ rm_openid_connect_plugin_url }}'
|
repo: '{{ rm_openid_connect_plugin_url }}'
|
||||||
|
@ -310,6 +321,39 @@
|
||||||
when: rm_openid_connect_plugin
|
when: rm_openid_connect_plugin
|
||||||
tags: [ 'redmine', 'redmine_plugins', 'rm_oidc', 'rm_openid_connect' ]
|
tags: [ 'redmine', 'redmine_plugins', 'rm_oidc', 'rm_openid_connect' ]
|
||||||
|
|
||||||
|
- name: Install the additionals plugin
|
||||||
|
ansible.builtin.git:
|
||||||
|
repo: '{{ rm_additionals_plugin_url }}'
|
||||||
|
dest: '{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/plugins/additionals'
|
||||||
|
version: "{{ rm_additionals_plugin_branch }}"
|
||||||
|
update: false
|
||||||
|
notify:
|
||||||
|
- Bundle install and reconfigure redmine
|
||||||
|
when: rm_additionals_plugin or rm_saml_plugin
|
||||||
|
tags: ['redmine', 'redmine_plugins', 'rm_saml', 'rm_additionals']
|
||||||
|
|
||||||
|
- name: Install the SAML auth plugin
|
||||||
|
ansible.builtin.git:
|
||||||
|
repo: '{{ rm_saml_plugin_url }}'
|
||||||
|
dest: '{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/plugins/additionals'
|
||||||
|
version: "{{ rm_saml_branch }}"
|
||||||
|
update: false
|
||||||
|
notify:
|
||||||
|
- Bundle install and reconfigure redmine
|
||||||
|
when: rm_saml_plugin
|
||||||
|
tags: ['redmine', 'redmine_plugins', 'rm_saml']
|
||||||
|
|
||||||
|
- name: Configure the SAML plugin
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: saml.rb.j2
|
||||||
|
dest: "{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/config/initializers/saml.rb"
|
||||||
|
owner: root
|
||||||
|
group: redmine
|
||||||
|
mode: 0440
|
||||||
|
notify: Reload unicorn
|
||||||
|
when: rm_saml_plugin
|
||||||
|
tags: ['redmine', 'redmine_plugins', 'rm_saml']
|
||||||
|
|
||||||
- name: Install the dashboard plugin
|
- name: Install the dashboard plugin
|
||||||
ansible.builtin.git:
|
ansible.builtin.git:
|
||||||
repo: '{{ rm_dashboard_plugin_url }}'
|
repo: '{{ rm_dashboard_plugin_url }}'
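Review bot: The `Install the SAML auth plugin` task clones `rm_saml_plugin_url` into `plugins/additionals`, the same `dest` the `Install the additionals plugin` task just used, so the SAML plugin never lands at `plugins/redmine_saml`, which is the path the `saml.rb` initializer added in this commit requires; with `update: false` a second clone into an already-populated directory will not yield the expected checkout either. Change the line to `dest: '{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/plugins/redmine_saml'`. The `Configure the SAML plugin` task renders an initializer that embeds the IdP certificate and service URLs as `root:redmine` mode `0440`, which keeps it unreadable to other local users; stating that intent with `# holds IdP trust material; readable by the app group only` would stop a later edit from loosening it. The additionals task's `when: rm_additionals_plugin or rm_saml_plugin` presumably reflects that redmine_saml depends on additionals; a one-line comment saying so would prevent someone from "simplifying" the condition.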
|
||||||
|
|
|
@ -0,0 +1,46 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
require Rails.root.join('plugins/redmine_saml/lib/redmine_saml')
|
||||||
|
require Rails.root.join('plugins/redmine_saml/lib/redmine_saml/base')
|
||||||
|
|
||||||
|
RedmineSaml::Base.configure do |config|
|
||||||
|
config.saml = {
|
||||||
|
sp_entity_id: '{{ rm_saml_entity_id }}',
|
||||||
|
# Redmine callback URL
|
||||||
|
assertion_consumer_service_url: '{{ rm_saml_assertion_consumer_service_url }}',
|
||||||
|
# The issuer name / entity ID. Must be an URI as per SAML 2.0 spec.
|
||||||
|
issuer: '{{ rm_saml_issuer }}',
|
||||||
|
# The SLS (logout) callback URL
|
||||||
|
single_logout_service_url: '{{ rm_saml_single_logout_service_url }}',
|
||||||
|
# SSO login endpoint
|
||||||
|
idp_sso_target_url: '{{ rm_saml_idp_sso_target_url }}',
|
||||||
|
idp_cert: '{{ rm_saml_idp_cert }}',
|
||||||
|
# name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
|
||||||
|
name_identifier_format: '{{ rm_saml_name_identifier_format }}',
|
||||||
|
# Optional signout URL, not supported by all identity providers
|
||||||
|
signout_url: '{{ rm_saml_signout_url }}',
|
||||||
|
idp_slo_target_url: '{{ rm_saml_idp_slo_target_url }}',
|
||||||
|
# Which redmine field is used as name_identifier_value for SAML logout
|
||||||
|
name_identifier_value: 'mail',
|
||||||
|
# overwrite mapping seperator, if required
|
||||||
|
# attribute_mapping_sep: '|',
|
||||||
|
attribute_mapping: {
|
||||||
|
# How will we map attributes from SSO to redmine attributes
|
||||||
|
# using either urn:oid:identifier, or friendly names, e.g.
|
||||||
|
# mail: 'extra|raw_info|urn:oid:0.9.2342.19200300.100.1.3'
|
||||||
|
# or
|
||||||
|
# mail: 'extra|raw_info|email'
|
||||||
|
#
|
||||||
|
# Edit defaults below to match your attributes
|
||||||
|
{% for map in rm_saml_attribute_mapping %}
|
||||||
|
{{ map.name}}: '{{ map.value}}'{% if not loop.last %},{% endif %}
|
||||||
|
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
config.on_login do |omniauth_hash, user|
|
||||||
|
# Implement any hook you want here
|
||||||
|
end
|
||||||
|
end
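Review bot: Every `rm_saml_*` value is interpolated into a single-quoted Ruby literal with no escaping, so a `'` or a trailing `\` in any of them (the free-form `idp_cert` string, or an attribute-mapping value) turns the rendered initializer into a Ruby syntax error or a different literal than the operator intended, and the failure only shows up when the app boots. Add an `ansible.builtin.assert` before the template task that fails when any of these variables contains a single quote or backslash, or escape them in the template before quoting. `name_identifier_value: 'mail'` is hard-coded while every neighbouring setting is a variable; since logout matching depends on the `mail` mapping rendered below, a comment such as `# must name a Redmine field populated by attribute_mapping below` ties the two together. The comment `overwrite mapping seperator` should read `separator`.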
|