Forge Overview and Subversion Services

Single Signon

All users log in at and use single-signon from there to log into forge.
  • The SSO Adapter which creates the users in the local database resides in /var/www/vhosts/
  • The password is transferred to with SSO as well, and stored in encrypted form.

HTTP Authentication with Single-Signon

  • SVN uses the same login credentials as That's why we needed a method to check a http authentication against an external database. To our rescue came mod_auth_external, which provides us exactly that.
  • mod_auth_external uses a script residing in /home/forge/svn-helpers/apache-svn-authenticator.php which checks the usernames and passwords against the redmine database.
  • With the following snippet in an htaccess file, you can enable external authentication against this database:
     AuthType Basic
     AuthName Administration
     AuthBasicProvider external
     AuthExternal forge-auth
     Require user Enter-Users-Here

Redmine live and development instance

The redmine development instance uses a different database than the live instance. It is reachable at As the devel instance uses the encrypted usernames and passwords stored in the forge database, everybody who at least logged in once on forge can log in on the development instance.

Steps for a change

  • first change the things you need in /var/rails/
  • If the change is ready and well-tested, commit the change to git by doing git commit -a
  • Update the live (/var/rails/ instance with git pull and restart the live instance with touch /var/rails/
  • Check that the live instance still works and the new feature runs

How to update Redmine on forge

  • first, go to, i.e. /var/rails/
  • then do a "svn update" -- the changes are pulled from the redmine SVN repository.
  • Look for conflicts, and review the changes with "git diff"
  • if all is fine, commit the changes with "git commit -a"
  • then, do the same as above ("How to change something on forge")


  • We use several SVN repositories which are all located in subdirectories of /var/svn.
    • The subdirectories correspond to the structure below.
  • If you browse, the first directories are delivered from the apache server.
  • If the user clicks on a link where a repository is located (f.e. mod_svn kicks in and answers the request.
    • This is configured in /usr/local/etc/apache22/vhosts.d/svn.conf


(Bold entries are SVN repositories)

  • TYPO3v4
    • Core
    • Extensions
    • CoreProjects
  • FLOW3
  • TYPO3v5
  • Teams

SVN Authentication

  • As the authentication of users is done through mod_auth_external (explained above), we only have to care about per-directory access control for the users.
  • Every repository has an authz file in conf/authz which is being managed by redmine.
    • Do not change this file by hand, as it is completely rewritten on changes by redmine!
  • If somebody joins a project or gets a role assigned which is either Member or Leader, then all authz files are automatically written.
  • TODO - explain more

Redmine SVN-Plugin (flow_svn_permission)

  • Caused by the fact that this is an open source project you can download the redmine-plugin and all other stuff that is needed for integrating subversion control in redmine:

Updated by Peter Niederlag over 9 years ago · 13 revisions