Background: We use Google apps for our company and are using this plugin to allow users to sign into redmine with their Google account on our domain.
Issue: When a user is logged into their personal gmail account and not their work account (this happens, for example, when users are working from home or using their smart phones), they just get the _notice_domain_notallowed error message and are dropped back into the redmine login page. This creates an endless loop with no obvious indication that the user needs to sign into their Google apps account on our domain.
Workaround: Google's hd parameter restricts the login to the specified hosted domain. Adding
:hd => 'domain.com'
to the _oauth_client.auth_code.authorizeurl() call in _redmine_oauthcontroller.rb correctly brings users to a Google login page if they're logged into different Google account so that fixes our use case.
Problem: It would be nice to use the _alloweddomains setting for this and have a checkbox to restrict to a hosted domain. The problem is that _alloweddomains is an array and hd only allows a single domain so there's not a one-to-one mapping. Adding a separate textfield input for a hosted domain is an option but it seems redundant.
If anyone has any ideas I'd be happy to do some hacking and submit a patch.
Background: We use Google apps for our company and are using this plugin to allow users to sign into redmine with their Google account on our domain.
Issue: When a user is logged into their personal gmail account and not their work account (this happens, for example, when users are working from home or using their smart phones), they just get the _notice_domain_notallowed error message and are dropped back into the redmine login page. This creates an endless loop with no obvious indication that the user needs to sign into their Google apps account on our domain.
Workaround: Google's hd parameter restricts the login to the specified hosted domain. Adding
to the _oauth_client.auth_code.authorizeurl() call in _redmine_oauthcontroller.rb correctly brings users to a Google login page if they're logged into different Google account so that fixes our use case.
Problem: It would be nice to use the _alloweddomains setting for this and have a checkbox to restrict to a hosted domain. The problem is that _alloweddomains is an array and hd only allows a single domain so there's not a one-to-one mapping. Adding a separate textfield input for a hosted domain is an option but it seems redundant.
If anyone has any ideas I'd be happy to do some hacking and submit a patch.