Top Menu

Jump to content
Home
    • Projects
    • Work packages
    • News
    • Getting started
    • Introduction video
      Welcome to OpenProject Community
      Get a quick overview of project management and team collaboration with OpenProject. You can restart this video from the help menu.

    • Help and support
    • User guides
    • Videos
    • Shortcuts
    • Community forum
    • Professional support

    • Additional resources
    • Data privacy and security policy
    • Digital accessibility (DE)
    • OpenProject website
    • Security alerts / Newsletter
    • OpenProject blog
    • Release notes
    • Report a bug
    • Development roadmap
    • Add and edit translations
    • API documentation
  • Sign in
      Forgot your password?
      Create a new account

      or sign in with your existing account

      Google

Side Menu

  • Overview
  • Activity
  • Roadmap
  • Work packages
  • Calendars
  • Team planners
  • Boards
  • Forums
  • Wiki
    • Table of contents
      • Expanded. Click to collapseCollapsed. Click to showDeveloper
        • Hierarchy leafAccessibility Checklist
        • Hierarchy leafCode Review Guidelines
        • Expanded. Click to collapseCollapsed. Click to showContribution
          • Hierarchy leafGit Workflow
          • Hierarchy leafTranslations
        • Expanded. Click to collapseCollapsed. Click to showDeveloping Plugins
          • Hierarchy leafDeveloping an OmniAuth Authentication Plugin
        • Hierarchy leafRelease Process
        • Hierarchy leafReport a bug
        • Hierarchy leafSecurity
        • Hierarchy leafSetting up an OpenLDAP server for testing
        • Hierarchy leafTheme Features
      • Hierarchy leafDownload
      • Expanded. Click to collapseCollapsed. Click to showFeature tour
        • Hierarchy leafRelease Notes OpenProject 30
        • Expanded. Click to collapseCollapsed. Click to showRelease Notes OpenProject 30 - Overview
          • Hierarchy leafGlossary
          • Hierarchy leafRelease Notes - Accessibility
          • Hierarchy leafRelease Notes - Accessibility changes
          • Hierarchy leafRelease Notes - Add work package queries as menu items to sidebar
          • Hierarchy leafRelease Notes - Copy projects based on Templates
          • Hierarchy leafRelease Notes - Design changes
          • Hierarchy leafRelease Notes - Fixed Bugs
          • Hierarchy leafRelease Notes - Keyboard Shortcuts
          • Hierarchy leafRelease Notes - Project settings
          • Hierarchy leafRelease Notes - Ruby&Rails Update
          • Hierarchy leafRelease Notes - Security
          • Hierarchy leafRelease Notes - Timelines
          • Hierarchy leafRelease Notes - Work packages
      • Hierarchy leafHowto create animated gifs
      • Hierarchy leafMigration Squashing
      • Hierarchy leafMod security
      • Hierarchy leafNew work package page
      • Hierarchy leafOP3 to OP4 Debian upgrade
      • Hierarchy leafOP4 Ubuntu1404 Stable with MySQL in production
      • Hierarchy leafOpenProject 40 Development Setup
      • Expanded. Click to collapseCollapsed. Click to showOpenProject Foundation
        • Hierarchy leafBoards
        • Hierarchy leafMembers
        • Hierarchy leafOPF-Meetings
        • Hierarchy leafStatutes
      • Expanded. Click to collapseCollapsed. Click to showRelease Notes
        • Hierarchy leafOpenProject released on Bitnami
      • Expanded. Click to collapseCollapsed. Click to showRelease Notes OpenProject 40 - Overview
        • Hierarchy leafRelease Notes OpenProject 40 - Accessibility improvements
        • Hierarchy leafRelease Notes OpenProject 40 - Column header functions in work package table
        • Hierarchy leafRelease Notes OpenProject 40 - Improved Design
        • Hierarchy leafRelease Notes OpenProject 40 - Integrated query title on work package page
        • Hierarchy leafRelease Notes OpenProject 40 - Integrated toolbar on work package page
        • Hierarchy leafRelease Notes OpenProject 40 - OmniAuth integration for OpenProject
        • Hierarchy leafRelease Notes OpenProject 40 - Work package details pane
      • Expanded. Click to collapseCollapsed. Click to showSecurity and privacy
        • Hierarchy leafFAQ
      • Expanded. Click to collapseCollapsed. Click to showSupport
        • Expanded. Click to collapseCollapsed. Click to showDownload and Installation
          • Hierarchy leafInstallation MacOS
          • Expanded. Click to collapseCollapsed. Click to showInstallation OpenProject 3 0
            • Hierarchy leafDebian Stable with MySQL in production
            • Hierarchy leafInstallation Ubuntu
            • Hierarchy leafInstallation Windows
            • Hierarchy leafInstallation on Centos 65 x64 with Apache and PostgreSQL 93
          • Expanded. Click to collapseCollapsed. Click to showInstallation OpenProject 40
            • Hierarchy leafOP4 Debian Stable with MySQL in production
          • Expanded. Click to collapseCollapsed. Click to showMigration paths
            • Hierarchy leafFrom Chilliproject to OpenProject
            • Hierarchy leafMigration 15 to 30
            • Hierarchy leafMigration 24 to 30
            • Hierarchy leafMigration Redmine 2x › OpenProject 30
            • Hierarchy leafOpenProject 3 Migration
          • Hierarchy leafOpenProject 40
        • Expanded. Click to collapseCollapsed. Click to showNews
          • Hierarchy leafNew OpenProject Translations Plugin
          • Hierarchy leafNew Plugin on OpenProjectorg Local Avatars
          • Hierarchy leafNew design for OpenProject
          • Hierarchy leafNews Accessibility workshop for OpenProject
          • Hierarchy leafNews Glossary for OpenProject
          • Hierarchy leafNews Heartbleed fixed
          • Hierarchy leafNews Icon Fonts
          • Hierarchy leafNews OpenProject 30 Release
          • Hierarchy leafNews Release GitHub Integration Plugin
          • Hierarchy leafNews Success Story Deutsche Telekom
          • Hierarchy leafNews Timelines
          • Hierarchy leafOpenProject 3013 released
          • Hierarchy leafOpenProject 3017 released
          • Hierarchy leafOpenProject 40 released
          • Hierarchy leafOpenProject 40 will be coming soon
          • Hierarchy leafOpenProject 405 released
          • Hierarchy leafOpenProject and pkgrio
          • Hierarchy leafOpenProject news moved to a new blog
          • Hierarchy leafOpenProjectBitnami
          • Hierarchy leafPackager version with plugins released ("Community edition")
          • Hierarchy leafRegistration OpenProject-Foundation
          • Hierarchy leafRelease OpenProject AuthPlugins
          • Hierarchy leafUpdates on OpenProject
          • Hierarchy leafWe need your feedback for the the new fullscreen view for work packages
        • Hierarchy leafOpenProject Plug-Ins
      • Expanded. Click to collapseCollapsed. Click to showWiki
        • Hierarchy leaf2nd Level Support
You are here:
  • Forums
  • Plugins

Content

How to configure OmniAuth OpenID plugin for Google authentication.

Added by Brian Utterback over 5 years ago

I am new to OpenProject, Ruby and Rails. Ideally I would like to have my OpenProject server able to authenticate with Slack, but I don’t know if that is possible. But before I even attempt that, I want to get it working with Google authentication.

Unfortunately, I am unable to make hide nor hare of any of the myriad messages and discussions I have found from people who have attempted it and run into trouble. Often they don’t say what they did up until the point that their problems started, or what they do say doesn’t seem to match my installation (7.0.2). It seems like there are so many people who have posted about it that someone might have a “How To” document, but if there is one I don’t know where it is. There was even a reference on one page of using the settings page to configure it, but if that is possible I am afraid I can’t find it. Can anyone help me out?


Replies (2)

RE: How to configure OmniAuth OpenID plugin for Google authentication. - Added by Brian Utterback over 5 years ago

After quite a bit of experimentation, I finally got the Google auth request partially working. I can see the Google option in the sign in drop down and when I click it it takes me to the google page. But after I select an account, I get an Openproject “Internal Error” page at the /auth/callback address. The system syslog says this:

Jun 30 23:35:07 host1 openproject-web-1.service[1162]: I, [2017-06-30T23:35:07.363121 #1719] INFO — omniauth: (google) Callback phase initiated.
Jun 30 23:35:07 host1 openproject-web-1.service[1162]: E, [2017-06-30T23:35:07.363792 #1719] ERROR — omniauth: (google) Authentication failure! missing_code: OmniAuth::OpenIDConnect::MissingCodeError, immediate_failed
Jun 30 23:35:07 host1 openproject-web-1.service[1162]: I, [2017-06-30T23:35:07.412697 #1719] INFO — omniauth: (google) Request phase initiated.
Jun 30 23:35:15 host1 openproject-web-1.service[1162]: I, [2017-06-30T23:35:15.510725 #1719] INFO — omniauth: (google) Callback phase initiated.

The other_vhosts_access.log file has this:

host1:443 xx.69.254.fff - - [30/Jun/2017:23:35:07 –0400] “GET /auth/google HTTP/1.1” 302 1373 “https://host1/” “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36”

host1:443 xx.69.254.fff - - [30/Jun/2017:23:35:07 –0400] “GET /auth/google/callback?state=75lotsofhexstuffad51&error_subtype=access_denied&error=immediate_failed HTTP/1.1” 302 684 “https://host1/” “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36”

host1:443 xx.69.254.fff - - [30/Jun/2017:23:35:07 –0400] “GET /auth/google?origin=https%3A%2F%2Fhost1%2F&prompt=login HTTP/1.1” 302 1223 “https://host1/” “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36”

host1:443 xx.69.254.fff - - [30/Jun/2017:23:35:15 –0400] “GET /auth/google/callback?state=25b9lotofhexstuffd4e&code=4/SfRkmorehexA3X-juhexhex1llGI&authuser=0&hd=mydomain.org&session_state=eeadehexstuff48d90c..50e3&prompt=none HTTP/1.1” 500 2352 “https://accounts.google.com/signin/oauth/oauthchooseaccount?client_id=10digits23-r5krandomchars8lmj.apps.googleusercontent.com&as=365hexf0&destination=https%3A%2F%2Fhost1&approval_state=!ChRVVThIR09RUzBlotsofrandomcharsiRHp4VQ%E2%88%99ADiIGyEAAAAAWVhp66Zd__fiRFV2wTuXPNkS8VsK7WND&xsrfsig=AHgIfE-2TMj5C-Cdastuffw&flowName=GeneralOAuthFlow” “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36”

I changed my sites FQDN to host1, and replaced the middle of the strings for security reasons, since I don’t know what might leak important info.

And finally the production.log file has this:

W, [2017-06-30T23:50:45.476377 #1719] WARN — : You are setting a key that conflicts with a built-in method OmniAuth::Strategy::Options#display defined in Kernel. This can cause unexpected behavior when accessing the key via as a property. You can still access the key via the #[] method.
F, [2017-06-30T23:50:45.600656 #1719] FATAL — :
F, [2017-06-30T23:50:45.600733 #1719] FATAL — : JSON::JWS::VerificationFailed (JSON::JWS::VerificationFailed):
F, [2017-06-30T23:50:45.600757 #1719] FATAL — :
F, [2017-06-30T23:50:45.600776 #1719] FATAL — : app/middleware/reset_current_user.rb:47:in `call’

The first line is repeated multiple times before that one with the same timestamp.

Any ideas?

RE: How to configure OmniAuth OpenID plugin for Google authentication. - Added by Sascha Rüger almost 5 years ago

I have the same problem, not with Google but when trying to set up our own provider.

Strangely, in the the provider admin panel (keycloak) I see the user as active session.

The redirect fails with internal server ewrror. the uri is of the form:

https://myopenproject-url/auth/puzzlesso/callback?session_state=…random.characters…&code=…random.characters..

production.log shows:

...
...
F, [2018-04-19T16:00:16.258079 #151] FATAL -- : JSON::JWS::VerificationFailed (JSON::JWS::VerificationFailed):

Anyone an idea what happened there?

These are thje settings I set within the rails console:

Setting["plugin_openproject_openid_connect"] = {
  "providers" => {
     "myprovidername" => {
       "display_name" => "Login with Blabla",
       "identifier" => "my_identifier",
       "secret" => "********************************",
       "scheme" => "https",
       "host" => "provider_url",
       "token_endpoint" => "/auth/realms/pitc/protocol/openid-connect/token",
       "userinfo_endpoint" => "/auth/realms/pitc/protocol/openid-connect/userinfo",
       "authorization_endpoint" => "/auth/realms/pitc/protocol/openid-connect/auth",
       "scope" => "openid",
       "sso" => "true",
       "discovery" => "false",
       "issuer" =>  "myopenproject-url/login",
       "client_auth_method" => "redirect",
       "end_session_endpoint" =>  "https://myopenproject-url/auth/end_session",
       "check_session_iframe" =>  "https://myopenproject-url/auth/check_session",
       "redirect_uri" => "https://myopenproject-url/auth/puzzlesso/callback"
    }
  }
}
  • (1 - 2/2)
Loading...