Authenticate via HTTP Remote User
Project description
Allow users to be automatically logged in
This module initialize the session by looking for the field HTTP_REMOTE_USER in the HEADER of the HTTP request and trying to bind the given value to a user. To be active, the module must be installed in the expected databases and loaded at startup; Add the –load parameter to the startup command:
--load=web,web_kanban,auth_from_http_remote_user, ...
If the field is found in the header and no user matches the given one, the system issue a login error page. (401 Unauthorized)
Use case.
The module allows integration with external security systems [1] that can pass along authentication of a user via Remote_User HTTP header field. In many cases, this is achieved via server like Apache HTTPD or nginx proxying Odoo.
How to test the module with Apache [2]
Apache can be used as a reverse proxy providing the authentication and adding the required field in the Http headers.
Install apache:
$ sudo apt-get install apache2
Define a new vhost to Apache by putting a new file in /etc/apache2/sites-available:
$ sudo vi /etc/apache2/sites-available/MY_VHOST.com
with the following content:
<VirtualHost *:80>
ServerName MY_VHOST.com
ProxyRequests Off
<Location />
AuthType Basic
AuthName "Test Odoo auth_from_http_remote_user"
AuthBasicProvider file
AuthUserFile /etc/apache2/MY_VHOST.htpasswd
Require valid-user
RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . - [E=RU:%1]
RequestHeader set Remote-User "%{RU}e" env=RU
</Location>
RequestHeader unset Remote-User early
ProxyPass / http://127.0.0.1:8069/ retry=10
ProxyPassReverse / http://127.0.0.1:8069/
ProxyPreserveHost On
</VirtualHost>
Enable the required apache modules:
$ sudo a2enmod headers $ sudo a2enmod proxy $ sudo a2enmod rewrite $ sudo a2enmod proxy_http
Enable your new vhost:
$ sudo a2ensite MY_VHOST.com
Create the htpassword file used by the configured basic authentication:
$ sudo htpasswd -cb /etc/apache2/MY_VHOST.htpasswd admin admin $ sudo htpasswd -b /etc/apache2/MY_VHOST.htpasswd demo demo
For local test, add the MY_VHOST.com in your /etc/vhosts file.
Finally reload the configuration:
$ sudo service apache2 reload
Open your browser and go to MY_VHOST.com. If everything is well configured, you are prompted for a login and password outside Odoo and are automatically logged in the system.
Bug Tracker
Bugs are tracked on GitHub Issues. In case of trouble, please check there if your issue has already been reported. If you spotted it first, help us smashing it by providing a detailed and welcomed feedback.
Credits
Images
Odoo Community Association: Icon.
Contributors
Laurent Mignon <laurent.mignon@acsone.eu>
Maintainer
This module is maintained by the OCA.
OCA, or the Odoo Community Association, is a nonprofit organization whose mission is to support the collaborative development of Odoo features and promote its widespread use.
To contribute to this module, please visit https://odoo-community.org.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file odoo9_addon_auth_from_http_remote_user-9.0.1.0.0.99.dev3-py2-none-any.whl.
File metadata
- Download URL: odoo9_addon_auth_from_http_remote_user-9.0.1.0.0.99.dev3-py2-none-any.whl
- Upload date:
- Size: 29.9 kB
- Tags: Python 2
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
dbf8e48fd091aa5da6b37983729208631e67dcc1aa8f7efdd85d33e11ccbd600
|
|
| MD5 |
4a92514c8837636b266af8038c045bda
|
|
| BLAKE2b-256 |
930f29b399985e9f5d5cac2911c3b82c9e117239986fd989aba36ed561a5ba43
|
