oca/oca-server-auth
2
0
Fork 0
mirror of https://github.com/bringout/oca-server-auth.git synced 2026-04-18 03:32:01 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
oca-server-auth/odoo-bringout-oca-server-auth-auth_saml/auth_saml
History
Exact
Ernad Husremovic 0ea2649258 chore: bs translation fix sinkroniz→sinhroniz 
🤖 assisted by claude
2026-01-13 17:15:35 +01:00
..
controllers Initial commit: OCA Server Auth packages (29 packages) 2025-08-29 15:43:06 +02:00
data Initial commit: OCA Server Auth packages (29 packages) 2025-08-29 15:43:06 +02:00
i18n chore: bs translation fix sinkroniz→sinhroniz 2026-01-13 17:15:35 +01:00
models Initial commit: OCA Server Auth packages (29 packages) 2025-08-29 15:43:06 +02:00
readme Initial commit: OCA Server Auth packages (29 packages) 2025-08-29 15:43:06 +02:00
security Initial commit: OCA Server Auth packages (29 packages) 2025-08-29 15:43:06 +02:00
static/description Initial commit: OCA Server Auth packages (29 packages) 2025-08-29 15:43:06 +02:00
tests Initial commit: OCA Server Auth packages (29 packages) 2025-08-29 15:43:06 +02:00
views Initial commit: OCA Server Auth packages (29 packages) 2025-08-29 15:43:06 +02:00
__init__.py Initial commit: OCA Server Auth packages (29 packages) 2025-08-29 15:43:06 +02:00
__manifest__.py Initial commit: OCA Server Auth packages (29 packages) 2025-08-29 15:43:06 +02:00
README.rst Initial commit: OCA Server Auth packages (29 packages) 2025-08-29 15:43:06 +02:00

README.rst

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

====================
SAML2 Authentication
====================

.. 
   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
   !! This file is generated by oca-gen-addon-readme !!
   !! changes will be overwritten.                   !!
   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
   !! source digest: sha256:5aa0ecfdde2bcc32865c5da17331096cb58254161938b36003e6f0baf825107c
   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
    :target: https://odoo-community.org/page/development-status
    :alt: Beta
.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
    :alt: License: AGPL-3
.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
    :target: https://github.com/OCA/server-auth/tree/16.0/auth_saml
    :alt: OCA/server-auth
.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
    :target: https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-auth_saml
    :alt: Translate me on Weblate
.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=16.0
    :alt: Try me on Runboat

|badge1| |badge2| |badge3| |badge4| |badge5|

Let users log into Odoo via an SAML2 identity provider.

This module allows to deport the management of users and passwords in an
external authentication system to provide SSO functionality (Single Sign On)
between Odoo and other applications of your ecosystem.

**Benefits**:

* Reducing the time spent typing different passwords for different accounts.

* Reducing the time spent in IT support for password oversights.

* Centralizing authentication systems.

* Securing all input levels / exit / access to multiple systems without
  prompting users.

* The centralization of access control information for compliance testing to
  different standards.

**Table of contents**

.. contents::
   :local:

Installation
============

This addon requires the python module ``pysaml2``.

``pysaml2`` requires the binary ``xmlsec1`` (on Debian or Ubuntu you can install it with ``apt-get install xmlsec1``)

Configuration
=============

To use this module, you need an IDP server, properly set up.

#. Configure the module according to your IdPs instructions
   (Settings > Users & Companies > SAML Providers).
#. Pre-create your users and set the SAML information against the user.

By default, the module let users have both a password and SAML ids.
To increase security, disable passwords by using the option in Settings.
Note that the admin account can still have a password, even if the option is activated.
Setting the option immediately remove all password from users with a configured SAML ids.

If all the users have a SAML id in a single provider, you can set automatic redirection
in the provider settings. The autoredirection will only be done on the active provider
with the highest priority. It is still possible to access the login without redirection
by using the query parameter ``disable_autoredirect``, as in
``https://example.com/web/login?disable_autoredirect=`` The login is also displayed if
there is an error with SAML login, in order to display any error message.

If you are using Office365 as identity provider, set up the federation metadata document
rather than the document itself. This will allow the module to refresh the document when
needed. 

Usage
=====

Users can login with the configured SAML IdP with buttons added in the login screen.

Known issues / Roadmap
======================

* clean up ``auth_saml.request``

Changelog
=========

16.0.1.2.1 (2025-05-13)
~~~~~~~~~~~~~~~~~~~~~~~

**Bugfixes**

- Avoid redirecting when there is a SAML error. ()


16.0.1.0.0
~~~~~~~~~~

Initial migration for 16.0.

Bug Tracker
===========

Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
In case of trouble, please check there if your issue has already been reported.
If you spotted it first, help us to smash it by providing a detailed and welcomed
`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_saml%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.

Do not contact contributors directly about support or help with technical issues.

Credits
=======

Authors
~~~~~~~

* XCG Consulting

Contributors
~~~~~~~~~~~~

* `XCG Consulting <https://xcg-consulting.fr/>`__:

  * Florent Aide <florent.aide@xcg-consulting.fr>
  * Vincent Hatakeyama <vincent.hatakeyama@xcg-consulting.fr>
  * Alexandre Brun
  * Houzéfa Abbasbhay <houzefa.abba@xcg-consulting.fr>
  * Szeka Wong <szeka.wong@xcg-consulting.fr>
* Jeremy Co Kim Len <jeremy.cokimlen@vinci-concessions.com>
* Jeffery Chen Fan <jeffery9@gmail.com>
* Bhavesh Odedra <bodedra@opensourceintegrators.com>
* `Tecnativa <https://www.tecnativa.com/>`__:

  * Jairo Llopis
* `GlodoUK <https://www.glodo.uk/>`__:

  * Karl Southern
* `TAKOBI <https://takobi.online/>`__:

  * Lorenzo Battistini

Maintainers
~~~~~~~~~~~

This module is maintained by the OCA.

.. image:: https://odoo-community.org/logo.png
   :alt: Odoo Community Association
   :target: https://odoo-community.org

OCA, or the Odoo Community Association, is a nonprofit organization whose
mission is to support the collaborative development of Odoo features and
promote its widespread use.

.. |maintainer-vincent-hatakeyama| image:: https://github.com/vincent-hatakeyama.png?size=40px
    :target: https://github.com/vincent-hatakeyama
    :alt: vincent-hatakeyama

Current `maintainer <https://odoo-community.org/page/maintainer-role>`__:

|maintainer-vincent-hatakeyama| 

This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/16.0/auth_saml>`_ project on GitHub.

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.