Saml2 Authentication

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for OCA from gravatar.com OCA

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: GNU Affero General Public License v3 (AGPL-3)

Author: XCG Consulting, Odoo Community Association (OCA)

Requires: Python >=3.5

Classifiers

Project description

Beta License: AGPL-3 OCA/server-auth Translate me on Weblate Try me on Runbot

Let users log into Odoo via an SAML2 provider.

This module allows to deport the management of users and passwords in an external authentication system to provide SSO functionality (Single Sign On) between Odoo and other applications of your ecosystem.

Benefits:

  • Reducing the time spent typing different passwords for different accounts.

  • Reducing the time spent in IT support for password oversights.

  • Centralizing authentication systems.

  • Securing all input levels / exit / access to multiple systems without prompting users.

  • The centralization of access control information for compliance testing to different standards.

Table of contents

Installation

This addon requires lasso.

Configuration

To use this module, you need an IDP server, properly set up. Go through the “Getting started” section for more information.

Getting started with Authentic2

This is quick howto to help setup a service provider that will be able to use the IDP from Authentic2

We will mostly cover how to setup your rsa keys and certificates

Creating the certs

Use easy-rsa from the easy-rsa package (or from the openvpn project)

Example script below with comment saying what you should do between each command:

#clean your vars

source ./vars

./build-dh
./pkitool --initca

#change your vars to math a new client cert

source ./vars

./pkitool myclient

Congratulations, you now have a client certificate signed by a shiny new CA under you own private control.

Configuring authentic

We will not describe how to compile requirements nor start an authentic server.

Just log into your authentic admin panel:

https://myauthenticserver/admin

and create a new “liberty provider”.

You’ll need to create a metadata xml file from a template (TODO)

You’ll need to make sure it is activated and that the default protocol rules are applied (ie: the requests are signed and signatures are verified)

Configuring Odoo

  1. Go to Settings > Activate the developer mode.

  2. Configure your auth provider going to Settings > Users & Companies > SAML Providers > Create. Your provider should provide you all that info.

  3. Go to Settings > Users & Companies > Users and edit each user that will authenticate through SAML.

  4. Go to the SAML tab and fill both fields.

  5. Go to Settings > General settings and uncheck Allow SAML users to posess an Odoo password if you want your SAML users to authenticate only through SAML.

Usage

  1. Configure it (see corresponding section in README)

  2. Just login with your SAML-provided password.

Known issues / Roadmap

  • Checks to ensure no Odoo user with SAML also has an Odoo password.

  • Setting to disable that rule.

Changelog

2.0

  • SAML tokens are not stored in res_users anymore to avoid locks on that table

Bug Tracker

Bugs are tracked on GitHub Issues. In case of trouble, please check there if your issue has already been reported. If you spotted it first, help us smashing it by providing a detailed and welcomed feedback.

Do not contact contributors directly about support or help with technical issues.

Credits

Authors

  • XCG Consulting

Contributors

Maintainers

This module is maintained by the OCA.

Odoo Community Association

OCA, or the Odoo Community Association, is a nonprofit organization whose mission is to support the collaborative development of Odoo features and promote its widespread use.

This module is part of the OCA/server-auth project on GitHub.

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for OCA from gravatar.com OCA

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: GNU Affero General Public License v3 (AGPL-3)

Author: XCG Consulting, Odoo Community Association (OCA)

Requires: Python >=3.5

Classifiers

Release history Release notifications | RSS feed

12.0.1.0.1.99.dev1 pre-release

This version

12.0.1.0.1

12.0.1.0.0.99.dev4 pre-release

12.0.1.0.0.99.dev2 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

odoo12_addon_auth_saml-12.0.1.0.1-py3-none-any.whl (41.2 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page