Authenticate via HTTP Remote User
Project description
This module initialize the session by looking for the field HTTP_REMOTE_USER in the HEADER of the HTTP request and trying to bind the given value to a user. To be active, the module must be installed in the expected databases and loaded at startup; Add the –load parameter to the startup command:
--load=web,web_kanban,auth_from_http_remote_user, ...
If the field is found in the header and no user matches the given one, the system issue a login error page. (401 Unauthorized)
Use case.
The module allows integration with external security systems [1] that can pass along authentication of a user via Remote_User HTTP header field. In many cases, this is achieved via server like Apache HTTPD or nginx proxying Odoo.
How to test the module with Apache [2]
Apache can be used as a reverse proxy providing the authentication and adding the required field in the Http headers.
Install apache:
$ sudo apt-get install apache2
Define a new vhost to Apache by putting a new file in /etc/apache2/sites-available:
$ sudo vi /etc/apache2/sites-available/MY_VHOST.com
with the following content:
<VirtualHost *:80> ServerName MY_VHOST.com ProxyRequests Off <Location /> AuthType Basic AuthName "Test Odoo auth_from_http_remote_user" AuthBasicProvider file AuthUserFile /etc/apache2/MY_VHOST.htpasswd Require valid-user RewriteEngine On RewriteCond %{LA-U:REMOTE_USER} (.+) RewriteRule . - [E=RU:%1] RequestHeader set Remote-User "%{RU}e" env=RU </Location> RequestHeader unset Remote-User early ProxyPass / http://127.0.0.1:8069/ retry=10 ProxyPassReverse / http://127.0.0.1:8069/ ProxyPreserveHost On </VirtualHost>
Enable the required apache modules:
$ sudo a2enmod headers $ sudo a2enmod proxy $ sudo a2enmod rewrite $ sudo a2enmod proxy_http
Enable your new vhost:
$ sudo a2ensite MY_VHOST.com
Create the htpassword file used by the configured basic authentication:
$ sudo htpasswd -cb /etc/apache2/MY_VHOST.htpasswd admin admin $ sudo htpasswd -b /etc/apache2/MY_VHOST.htpasswd demo demo
For local test, add the MY_VHOST.com in your /etc/vhosts file.
Finally reload the configuration:
$ sudo service apache2 reload
Open your browser and go to MY_VHOST.com. If everything is well configured, you are prompted for a login and password outside Odoo and are automatically logged in the system.
Contributors
Laurent Mignon
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Hashes for odoo8_addon_auth_from_http_remote_user-8.0.1.0.0.99.dev25-py2-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 6ff4056d6dbf327a9402d224adf3d0ddbed3024cdcef829199e0d88f9feb192b |
|
MD5 | 534aa01dd03551fa13218c035571c83e |
|
BLAKE2b-256 | 660bc92c7a2c9a5ab601507747009f8d045d10cb9c6fe81a8872ca70f96dc29b |