Hi all,
the Redmine developers released version 5.0 some months ago and updating to this version will have some effects on us. So, I would like to open a thread to discuss these issues with you and how we deal with that situation.
Currently, we are on the 4.2 branch and it still gets security and bug fixes, but I can't tell at which point they will stop supporting it.
We enabled the login over OpenID, which is implemented natively and not integrated over a plugin. With version 5.0, support for that was removed. I assume this is due to that the implementation is based on an older OpenID standard and there are not many users of it anymore (TM). The newer standard seems to be called "OpenID Connect", but it's not supported by Redmine.
Also, we are using a plugin which allows the login over a Google account. The compatibility of that plugin breaks with version 5.0.
The problem is that we have users for both and with version 5.0 they won't be able to use these methods anymore.
However, I have an idea for a solution. I took a look at the Redmine database and I played around with the Google login method. My tests showed that it creates a normal user account, as it is done with the registration, just with the little difference that no password is set disabling the login over password. These accounts also have an user name and an email address. As soon as I set a password, I was able to login using the user name.
So, my idea is that we just go with these changes and affected users use the functionality to reset their password, which means they will have a "normal" user account then. In preparation to that version update, we should disable these login methods so that no new users will make use of them.
Other ideas? What's your opinion?
// Felix