Redmine plugin to use Amazon ALB for user authentication.
This plugin verifies the JWT from the X-Amzn-Oidc-Data header with every request and makes users logged-in based on the email claim.
Note that this plugin does not create users, so users must be pre-created.
>= 5.0.5
Clone this repository to the Redmine plugins directory.
$ cd path/to/redmine
$ git clone -b v0.2.1 https://github.com/arkedge/redmine_amzn_alb_authn ./plugins/redmine_amzn_alb_authn
Run bundle install to install the depended gems listed in PluginGemfile.
$ bundle install
And execute the database migration.
$ bin/rails redmine:plugins:migrate
The plugin can be configured using the following environment variables:
REDMINE_AMZN_ALB_AUTHN_KEY_ENDPOINT- (required) Public key endpoint, e.g.,
https://public-keys.auth.elb.ap-northeast-1.amazonaws.comwhen the ALB is in theap-northeast-1region.
- (required) Public key endpoint, e.g.,
REDMINE_AMZN_ALB_AUTHN_ALB_ARN- (required) The ARN of the Application Load Balancer expected by the
signerfield in the JWT header.
- (required) The ARN of the Application Load Balancer expected by the
REDMINE_AMZN_ALB_AUTHN_ISS- If set, the plugin will verify that the
issclaim has the same value.
- If set, the plugin will verify that the
Since Redmine loads plugin's Gemfile,
the required gems for plugin development are listed in Gemfile.local.
$ bundle config --local gemfile Gemfile.local
$ bundle install
$ bundle exec rake