mirror of
https://github.com/bringout/oca-server-auth.git
synced 2026-04-18 10:12:01 +02:00
Initial commit: OCA Server Auth packages (29 packages)
This commit is contained in:
Ernad Husremovic
commit
3ed80311c4
1325 changed files with 127292 additions and 0 deletions
244
odoo-bringout-oca-server-auth-auth_oidc/auth_oidc/README.rst
Normal file
244
odoo-bringout-oca-server-auth-auth_oidc/auth_oidc/README.rst
Normal file
|
|
@ -0,0 +1,244 @@
|
|||
=============================
|
||||
Authentication OpenID Connect
|
||||
=============================
|
||||
|
||||
..
|
||||
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
||||
!! This file is generated by oca-gen-addon-readme !!
|
||||
!! changes will be overwritten. !!
|
||||
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
||||
!! source digest: sha256:f94abf0fc8ee2d5c9fde9f36b0b3ece7a612d0e4338f01a71b5e8fc0d1be0f72
|
||||
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
||||
|
||||
.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
|
||||
:target: https://odoo-community.org/page/development-status
|
||||
:alt: Beta
|
||||
.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
|
||||
:target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
|
||||
:alt: License: AGPL-3
|
||||
.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
|
||||
:target: https://github.com/OCA/server-auth/tree/16.0/auth_oidc
|
||||
:alt: OCA/server-auth
|
||||
.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
|
||||
:target: https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-auth_oidc
|
||||
:alt: Translate me on Weblate
|
||||
.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
|
||||
:target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=16.0
|
||||
:alt: Try me on Runboat
|
||||
|
||||
|badge1| |badge2| |badge3| |badge4| |badge5|
|
||||
|
||||
This module allows users to login through an OpenID Connect provider
|
||||
using the authorization code flow or implicit flow.
|
||||
|
||||
Note the implicit flow is not recommended because it exposes access
|
||||
tokens to the browser and in http logs.
|
||||
|
||||
**Table of contents**
|
||||
|
||||
.. contents::
|
||||
:local:
|
||||
|
||||
Installation
|
||||
============
|
||||
|
||||
This module depends on the
|
||||
`python-jose <https://pypi.org/project/python-jose/>`__ library, not to
|
||||
be confused with ``jose`` which is also available on PyPI.
|
||||
|
||||
Configuration
|
||||
=============
|
||||
|
||||
Setup for Microsoft Azure
|
||||
-------------------------
|
||||
|
||||
Example configuration with OpenID Connect authorization code flow.
|
||||
|
||||
1. configure a new web application in Azure with OpenID and code flow
|
||||
(see the `provider
|
||||
documentation <https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/configure-openid-provider>`__))
|
||||
|
||||
2. in this application the redirect url must be be "<url of your
|
||||
server>/auth_oauth/signin" and of course this URL should be reachable
|
||||
from Azure
|
||||
|
||||
3. create a new authentication provider in Odoo with the following
|
||||
parameters (see the `portal
|
||||
documentation <https://docs.microsoft.com/en-us/powerapps/maker/portals/configure/configure-openid-settings>`__
|
||||
for more information):
|
||||
|
||||
|image|
|
||||
|
||||
|image1|
|
||||
|
||||
Single tenant provider limits the access to user of your tenant, while
|
||||
Multitenants allow access for all AzureAD users, so user of foreign
|
||||
companies can use their AzureAD login without an guest account.
|
||||
|
||||
- Provider Name: Azure AD Single Tenant
|
||||
- Client ID: Application (client) id
|
||||
- Client Secret: Client secret
|
||||
- Allowed: yes
|
||||
- replace {tenant_id} in urls with your Azure tenant id
|
||||
|
||||
or
|
||||
|
||||
- Provider Name: Azure AD Multitenant
|
||||
- Client ID: Application (client) id
|
||||
- Client Secret: Client secret
|
||||
- Allowed: yes
|
||||
|
||||
|image2|
|
||||
|
||||
- Auth Link Params: Add {'prompt':'select_account'} to the auth link to
|
||||
get the account selection screen |image3|
|
||||
|
||||
Setup for Keycloak
|
||||
------------------
|
||||
|
||||
Example configuration with OpenID Connect authorization code flow.
|
||||
|
||||
In Keycloak:
|
||||
|
||||
1. configure a new Client
|
||||
2. make sure Authorization Code Flow is Enabled.
|
||||
3. configure the client Access Type as "confidential" and take note of
|
||||
the client secret in the Credentials tab
|
||||
4. configure the redirect url to be "<url of your
|
||||
server>/auth_oauth/signin"
|
||||
|
||||
In Odoo, create a new Oauth Provider with the following parameters:
|
||||
|
||||
- Provider name: Keycloak (or any name you like that identify your
|
||||
keycloak provider)
|
||||
- Auth Flow: OpenID Connect (authorization code flow)
|
||||
- Token Map : many options are possible like
|
||||
``preferred_username:user_id`` or ``email:user_id`` . This can be
|
||||
combined
|
||||
- Client ID: the same Client ID you entered when configuring the client
|
||||
in Keycloak
|
||||
- Client Secret: found in keycloak on the client Credentials tab
|
||||
- Allowed: yes
|
||||
- Body: the link text to appear on the login page, such as Login with
|
||||
Keycloak
|
||||
- Scope: openid email
|
||||
- Authentication URL: The "authorization_endpoint" URL found in the
|
||||
OpenID Endpoint Configuration of your Keycloak realm
|
||||
- Token URL: The "token_endpoint" URL found in the OpenID Endpoint
|
||||
Configuration of your Keycloak realm
|
||||
- JWKS URL: The "jwks_uri" URL found in the OpenID Endpoint
|
||||
Configuration of your Keycloak realm
|
||||
|
||||
.. |image| image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/static/description/oauth-microsoft_azure-api_permissions.png
|
||||
.. |image1| image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/static/description/oauth-microsoft_azure-optional_claims.png
|
||||
.. |image2| image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/static/description/odoo-azure_ad_multitenant.png
|
||||
.. |image3| image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/static/description/oauth-microsoft_azure-select_account.png
|
||||
|
||||
Usage
|
||||
=====
|
||||
|
||||
On the login page, click on the authentication provider you configured.
|
||||
|
||||
Known issues / Roadmap
|
||||
======================
|
||||
|
||||
- When going to the login screen, check for a existing token and do a
|
||||
direct login without the clicking on the SSO link
|
||||
- When doing a logout an extra option to also logout at the SSO
|
||||
provider.
|
||||
|
||||
Changelog
|
||||
=========
|
||||
|
||||
16.0.1.1.0 2024-02-28
|
||||
---------------------
|
||||
|
||||
- Forward port OpenID Connect fixes from 15.0 to 16.0
|
||||
|
||||
16.0.1.0.2 2023-11-16
|
||||
---------------------
|
||||
|
||||
- Readme link updates
|
||||
|
||||
16.0.1.0.1 2023-10-09
|
||||
---------------------
|
||||
|
||||
- Add AzureAD code flow provider
|
||||
|
||||
16.0.1.0.0 2023-01-27
|
||||
---------------------
|
||||
|
||||
- Odoo 16 migration
|
||||
|
||||
15.0.1.0.0 2023-01-06
|
||||
---------------------
|
||||
|
||||
- Odoo 15 migration
|
||||
|
||||
14.0.1.0.0 2021-12-10
|
||||
---------------------
|
||||
|
||||
- Odoo 14 migration
|
||||
|
||||
13.0.1.0.0 2020-04-10
|
||||
---------------------
|
||||
|
||||
- Odoo 13 migration, add authorization code flow.
|
||||
|
||||
10.0.1.0.0 2018-10-05
|
||||
---------------------
|
||||
|
||||
- Initial implementation
|
||||
|
||||
Bug Tracker
|
||||
===========
|
||||
|
||||
Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
|
||||
In case of trouble, please check there if your issue has already been reported.
|
||||
If you spotted it first, help us to smash it by providing a detailed and welcomed
|
||||
`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_oidc%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
|
||||
|
||||
Do not contact contributors directly about support or help with technical issues.
|
||||
|
||||
Credits
|
||||
=======
|
||||
|
||||
Authors
|
||||
-------
|
||||
|
||||
* ICTSTUDIO
|
||||
* André Schenkels
|
||||
* ACSONE SA/NV
|
||||
|
||||
Contributors
|
||||
------------
|
||||
|
||||
- Alexandre Fayolle <alexandre.fayolle@camptocamp.com>
|
||||
- Stéphane Bidoul <stephane.bidoul@acsone.eu>
|
||||
- David Jaen <david.jaen.revert@gmail.com>
|
||||
- Andreas Perhab <andreas.perhab@wt-io-it.at>
|
||||
|
||||
Maintainers
|
||||
-----------
|
||||
|
||||
This module is maintained by the OCA.
|
||||
|
||||
.. image:: https://odoo-community.org/logo.png
|
||||
:alt: Odoo Community Association
|
||||
:target: https://odoo-community.org
|
||||
|
||||
OCA, or the Odoo Community Association, is a nonprofit organization whose
|
||||
mission is to support the collaborative development of Odoo features and
|
||||
promote its widespread use.
|
||||
|
||||
.. |maintainer-sbidoul| image:: https://github.com/sbidoul.png?size=40px
|
||||
:target: https://github.com/sbidoul
|
||||
:alt: sbidoul
|
||||
|
||||
Current `maintainer <https://odoo-community.org/page/maintainer-role>`__:
|
||||
|
||||
|maintainer-sbidoul|
|
||||
|
||||
This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/16.0/auth_oidc>`_ project on GitHub.
|
||||
|
||||
You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
|
||||
Loading…
Add table
Add a link
Reference in a new issue