Is it possible to hide the normal login/password prompt through config when a instance just needs OAuth login

[srsree]

In few use cases, once OAuth is enabled and configured, login/ password prompts are no longer relevant. Is it possible to allow an option in setup to disable showing the login/password prompts?

The default approach needs us to tamper with code or write a wrapper.

[col-panic]

Is there any plan on implementing this feature? Unfortunately I'm not a ruby developer, but I could assist in testing the plugin! Thanks

[picman]

So, please test the devel branch. There is a new option to hide the login form in plugin's settings.

[col-panic]

Thank you, I'll try - at the moment I'm having a problem with

In Gemfile:
  oauth2 was resolved to 2.0.9, which depends on
    multi_xml was resolved to 0.7.1, which depends on
      bigdecimal

where the native compilation fails

Gem::Ext::BuildError: ERROR: Failed to build gem native extension.

    current directory: /usr/local/bundle/gems/bigdecimal-3.1.7/ext/bigdecimal
/usr/local/bin/ruby extconf.rb
checking for __builtin_clz()... *** extconf.rb failed ***
Could not create Makefile due to some reason, probably lack of necessary
libraries and/or headers.  Check the mkmf.log file for more details.  You may
need configuration options.

I'm using https://hub.docker.com/_/redmine#5.1 guess I'll have to open an issue on that ...

[srsree]

Sure. Will try.

Regards, sree

Sreekanth S Rameshaiah Executive Director Mahiti +91-98455-12611 http://mahiti.org On 6 May 2024 at 1:18 PM +0530, Karel Pičman @.***>, wrote:

So, please test the devel branch. There is a new option to hide the login form in plugin's settings. — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>

[col-panic]

The error exists since multi_xml 0.7.0 https://rubygems.org/gems/multi_xml/versions/0.7.0, prior to this there was no dependency to bigdecimal. This is really a pain and led to https://github.com/docker-library/redmine/discussions/328

[col-panic]

This looks good - thank you very much! I see that the login form is not visible anymore, and I could successfully login using keycloak and no password form was shown. After some first test the following points come into question:

• What if there is some problem in using the oauth login? How can I re-active the default username/password form without logging in?
• [DOCUMENTATION] Document the mapping for existing users - for me it worked correct (does oauth2 preferred_username map to redmine userid?)
• [DOCUMENTATION/ENHANCEMENT] How does Redmine 2FA relate to oauth2 authentication? Is it still in effect? IMHO this should not be the case, or a configurable option.
• [DOCUMENTATION] Relationship oauth2 session and redmine session time.
• [ENHANCEMENT] Optionally require a certain client role to allow login. (e.g. the oauth2 user must have the client role redmine-user to be allowed login in the system)
• [ENHANCEMENT] If password login is disabled, and oauth2 is the only login-method, could there be a "skip-press-button" option? Where I don't have to manually press the login button to trigger oauth2 authentication? (https://github.com/kontron/redmine_oauth/issues/32)
• [ENHANCEMENT] Can the "Administrator" role be mapped (configurable)? That is, the oauth2 idp asserts the client role administrator if yes then user becomes or stays administrator, else looses admin right.
• [ENHANCEMENT] Discussion: How to use oauth2 authentication with the redmine api? https://www.redmine.org/projects/redmine/wiki/rest_api#Authentication
• [ENHANCEMENT] Support SSO logoff: Currently pressing Logoff in redmine only closes the redmine session. Optionally a full SSO logoff should be possible.

[picman]

Add 1) I've added there a collapsible login form. In case of need a user can click on the arrow and will see the normal login form. What do you think about it?

Add the rest) Please create dedicated issues fir each problem otherwise it is unmanageable.

[col-panic]

Add 1) I've added there a collapsible login form. In case of need a user can click on the arrow and will see the normal login form. What do you think about it?

Add the rest) Please create dedicated issues fir each problem otherwise it is unmanageable.

I think this depends on https://github.com/kontron/redmine_oauth/issues/30 and https://github.com/kontron/redmine_oauth/issues/32. Another option would be to offer a route like https://my.redmine.info?login_method=userpass to enforce login via a specific method. I don't know however if such is route can be done via a plugin.

[col-panic]

It might be also sufficient (as this is a "problem only" solution) to document the ruby call to unset the option. So that if there is a persistent problem logging in using oauth2, the system administrator may use an operating system call to re-activate password login. I am not sure, where redmine stores configuration, but it might also be enough to document on how to re-activate password login via an SQL parameter!

[picman]

I consider the original request as solved. For other requests, please create dedicated issues for each problem.