Before you start
- Redmine 6.x (5.1.x supported in beta — see compatibility notes)
- MySQL 8 or PostgreSQL
- Admin access to Redmine and your OIDC identity provider
- Official package from the download form or clone from GitHub
1. Install the plugin
Docker (official Redmine image)
# Extract the tarball into your plugins volume
tar -xzf redmine_sso_suite-0.9.0-beta.tar.gz -C /path/to/redmine/plugins/
# Restart Redmine
docker compose restart redmineBare metal
cd /path/to/redmine/plugins
tar -xzf ~/Downloads/redmine_sso_suite-0.9.0-beta.tar.gz
# Symlink name must be redmine_sso_suite
sudo systemctl restart redmine # or your process managerVerify under Administration → Plugins that Redmine SSO Suite (Community) v0.9.0-beta appears.
2. Register the OAuth redirect URI
In your IdP, create an OIDC client and set the redirect URI to:
https://YOUR-REDMINE-HOST/sso/oauth/callbackCopy the issuer URL, client ID, and client secret (if confidential client).
3. Configure the plugin
- Go to Administration → Plugins → Redmine SSO Suite → Configure
- Enable SSO login
- Paste issuer URL, client ID, and secret
- Leave Enforce SSO for non-admin off until you verify login works
- Save — validation will reject invalid URLs
Docker split-host setups
Set Issuer URL (server-side) to the internal hostname and Public issuer URL to the browser-facing host. See the Keycloak guide for a worked example.
4. Test login
- Open an incognito window → Redmine login page
- Click Sign in with SSO
- Authenticate at your IdP
- Confirm a JIT user is created (if auto-create is enabled)
- Confirm admin can still use password login (break-glass)
5. Optional: enforce SSO
After staging verification, enable Enforce SSO for non-admin users. Administrators retain local password login.
Troubleshooting
- Invalid state after IdP redirect
- Docker issuer URL mismatch
- Open a support request (Community bugs → GitHub Issues)
Need hands-on help?
Optional Install Assist ($349) covers a fixed-scope remote install for one IdP. The plugin stays free.