Integrating Azure Active Directory With Redmine Using The OmniAuth Azure Plugin
Written by Michael Staněk
Category: Blog
Published: June 7, 2022
For our client, a substantial Belgian company with branches in the US & China, we offered to integrate their Azure Active Directory with Redmine. We thought: "Redmine has native support for LDAP, so this shouldn't be a problem." Every time you say "this shouldn't be a problem," you are in for a treat.
The Azure Active Directory was relatively new to our client at the time. They had only recently synchronized their users with Azure Active Directory (AAD) using ADConnect, so they thought of using the Azure user database for a single sign-on (SSO) within Redmine. The alternative was creating a duplicate local Redmine user database which seemed far-fetched. Since our client is familiar with Microsoft technologies, the first thing that came to mind was LDAP.
They assumed that activating LDAP within the Azure directory was just about flipping a switch. Who knew it wasn't. To make LDAP work within Azure, our client needed to set up an extra Azure Active Directory Service. To make a long story short: it turned out to be too complicated and expensive.
During the process, our client found out that Azure supports OAuth and SAML, newer protocols for user authentication. These protocols are apparently behind the "login buttons" everyone is familiar with: log in with Google & log in with Facebook.
Fortunately, there's a plugin called redmine_omniauth_azure that does the trick. We installed it in our Redmine with no problems. All our client had to do in terms of settings was follow the instructions at https://github.com/Gucin/redmine_omniauth_azure. Our client also had to register an app according to the instructions at https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app and add a redirect URL. The redirect URL is where the user lands after logging into Azure. In our case, it was the base Redmine URL https://client.redmine-x.com.
In the Redmine plugin, we needed to set up the following fields, which we received from our client.
Client ID:
Client Secret:
Tenant ID:
To finish the setup, we needed to be able to test the authentication. That's why we asked for a test user within the Azure directory. When logging in for the first time, we needed to add an MFA check (Multi-Factor Authentication) to the test account, so we used https://www.office.com for the initial login.
After that, we still got an error after logging in using the Azure Active Directory. Solving the problem took us a considerable amount of time, and we will be happy to help you out during the integration process.
So the flow is:
Users click on the "Login via Azure" button.
Then they get redirected to Azure, where they log in using their Azure credentials.
They get redirected back to Redmine and get automatically logged in.
If Redmine is set correctly, all users will get a message "Your account was created and is now pending administrator approval."
Warning: if the user tries to log in again, he will get an internal error as Redmine can't display a human-oriented error message. We know how to solve this and will be happy to help you out.
A few final remarks:
Everything was set for a particular Redmine URL. If you need to change the URL in the future, you will need to test this and change all URLs in Azure as well.
You need to set up notifications. The settings are both in Redmine https://client.redmine-x.com/settings?tab=notifications and on the server in the configuration.yml file in /config. The email addresses have to match.
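The login flow and the redirect URL remark above, sketched in Ruby as an added example (not the redmine_omniauth_azure plugin's code): it builds the authorization request from the Tenant ID, Client ID and redirect URL, then checks the redirect back before the code is used. The Microsoft identity platform v2.0 endpoint, the scope, the function names and the all-zero/all-one IDs are assumptions made for illustration.

```ruby
require "uri"
require "securerandom"

# Constructed placeholders; the real values come from the Azure app registration.
TENANT_ID    = "00000000-0000-0000-0000-000000000000"
CLIENT_ID    = "11111111-1111-1111-1111-111111111111"
REDIRECT_URI = "https://client.redmine-x.com" # redirect URL named in the post

# Random per-login value, stored in the user's session before redirecting.
def new_state
  SecureRandom.urlsafe_base64(32)
end

# Step 1: where the "Login via Azure" button sends the browser.
# The client secret is never part of this URL.
def authorize_url(state)
  query = URI.encode_www_form(
    client_id: CLIENT_ID, response_type: "code", redirect_uri: REDIRECT_URI,
    response_mode: "query", scope: "openid profile email", state: state
  )
  "https://login.microsoftonline.com/#{TENANT_ID}/oauth2/v2.0/authorize?#{query}"
end

# Scheme, host, port and path of a URL, treating an empty path as "/".
def location_of(url)
  u = URI.parse(url)
  [u.scheme, u.host, u.port, u.path.empty? ? "/" : u.path]
end

# Step 3: check the redirect back to Redmine before the server exchanges
# the code (together with the client secret) at the tenant's token endpoint.
def check_callback(callback_url, expected_state)
  return [:error, "redirect URI mismatch"] unless location_of(callback_url) == location_of(REDIRECT_URI)
  params = URI.decode_www_form(URI.parse(callback_url).query.to_s).to_h
  return [:error, "state mismatch"] unless params["state"] == expected_state
  return [:error, params["error"]] if params["error"]
  return [:error, "missing code"] if params["code"].to_s.empty?
  [:ok, params["code"]]
end

if __FILE__ == $PROGRAM_NAME
  state = new_state
  puts authorize_url(state)
  p check_callback("#{REDIRECT_URI}/?code=constructed-code&state=#{state}", state)
  p check_callback("#{REDIRECT_URI}/?code=constructed-code&state=forged", state)
end
```

If the Redmine URL changes, `REDIRECT_URI` and the redirect URL registered in Azure have to change together, otherwise the first check fails for every login.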
So this was our Azure experience. If you need anything like that, we are ready to help you out.