From dfe080fae13aa41c00b19372741aff0a5a31e3ac Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Thu, 16 Dec 2021 12:00:31 +0100 Subject: [PATCH] Odoo integration doc --- doc/sources/admin/applications.rst | 2 + doc/sources/admin/applications/odoo.rst | 88 +++++++++++++++++++ doc/sources/admin/applications/odoo_logo.png | Bin 0 -> 3255 bytes doc/sources/admin/idpsaml.rst | 2 + doc/sources/admin/samlservice.rst | 3 + 5 files changed, 95 insertions(+) create mode 100644 doc/sources/admin/applications/odoo.rst create mode 100644 doc/sources/admin/applications/odoo_logo.png diff --git a/doc/sources/admin/applications.rst b/doc/sources/admin/applications.rst index 68b12e038..32243ef1c 100644 --- a/doc/sources/admin/applications.rst +++ b/doc/sources/admin/applications.rst @@ -35,6 +35,7 @@ Applications applications/mobilizon applications/nextcloud applications/obm + applications/odoo applications/office365 applications/publik applications/phpldapadmin @@ -118,6 +119,7 @@ Application Configuration .. image:: applications/mobilizon_logo.jpg :doc:`Mobilizon` ✔ .. image:: applications/nextcloud-logo.png :doc:`NextCloud` ✔ .. image:: applications/obm_logo.png :doc:`OBM` ✔ +.. image:: applications/odoo_logo.png :doc:`Odoo` ✔ .. image:: applications/logo_office_365.png :doc:`Office 365` ✔ .. image:: applications/logo-publik.png :doc:`Publik` ✔ .. image:: applications/phpldapadmin_logo.png :doc:`phpLDAPAdmin` ✔ diff --git a/doc/sources/admin/applications/odoo.rst b/doc/sources/admin/applications/odoo.rst new file mode 100644 index 000000000..6d3101028 --- /dev/null +++ b/doc/sources/admin/applications/odoo.rst 
@@ -0,0 +1,88 @@ +Odoo +==== + +|image0| + +Presentation +------------ + +Odoo is a suite of business management software tools including, for example, CRM, e-commerce, billing, accounting, manufacturing, warehouse, project management, and inventory management. + +Requirements +------------ + +This guide explains how to authenticate your Odoo users using LemonLDAP::NG 's SAML provider. + +Make sure you have :doc:`set up LemonLDAP::NG a SAML IDP <../samlservice>` + +.. warning:: + Odoo requires your public SAML Signature key to be in `BEGIN CERTIFICATE` + format, if this is not the case, you need to :ref:`convert your SAML key to + a certificate`) + +.. warning:: + Odoo requires LemonLDAP::NG 2.0.14 in order to handle RelayState correctly + +Configuring Odoo +---------------- + +Pre-requisites +~~~~~~~~~~~~~~ + +On the Odoo side, you need to install the ``auth_saml`` module from OCA: + +* https://github.com/OCA/server-auth/tree/14.0/auth_saml +* https://odoo-community.org/shop/product/saml2-authentication-3211 + +This module requires the ``pysaml2`` and ``xmlsec1`` python dependencies. 
+ +Configuration +~~~~~~~~~~~~~ + +After installing the module, you will see two new menus in the Odoo admin: + + +* Settings » Users & Companies » SAML Providers +* And a new *SAML* tab in Settings » Users & Companies » Users + + +Creating a new SAML Provider +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Create a new SAML provider in Settings » Users & Companies » SAML Providers + +* Choose a name +* Copy the metadata from https://auth.example.com/saml/metadata/idp in the *Identity Provider Metadata* field +* Import a certificate and a private key in the *Odoo Public Certificate* and *Odoo Private Key* fields + +To generate a key/certificate pair, you can run the following command:: + + openssl req -x509 -newkey rsa:4096 -keyout odoo-key.pem -out odoo-cert.pem -sha256 -days 3650 -nodes + +* Select a signature method in the *Signature Algorithm*, such as *SIG_RSA_SHA256* +* If you do not want to use the email address to match between LLNG and Odoo accounts, set the *Identity Provider matching attribute* to a different value +* All other fields may be left to default values + +Configuring users +~~~~~~~~~~~~~~~~~ + +For each user you want to enable SAML on, you need to edit them in Settings » Users & Companies » Users + +In the *SAML* tab, set the SAML provider you just created, and their email address as the identifier. + +Configuring LemonLDAP +--------------------- + +Add a new :ref:`new SAML Service Provider to the LemonLDAP::NG configuration` +with the following parameters: + +* **Metadata** + * Copy the Metadata found at the URL referenced in Odoo's Settings » Users & Companies » SAML Providers menu » Your provider » Metadata URL +* **Exported Attributes** + * Declare the attribute that you set in Odoo's *Identity Provider matching attribute* + * If you are using the email, you don't need to declare anything + + +.. |image0| image:: /applications/odoo_logo.png + :class: align-center + 
diff --git a/doc/sources/admin/applications/odoo_logo.png b/doc/sources/admin/applications/odoo_logo.png new file mode 100644 index 0000000000000000000000000000000000000000..929c604e11ed4f758355a0e19bcbf957c08df8ce GIT binary patch literal 3255
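Review bot: In odoo.rst, under "Creating a new SAML Provider", the openssl example uses -nodes and -days 3650, so odoo-key.pem is written unencrypted and the certificate stays valid for ten years, yet the text says nothing about protecting the file. Add a sentence right after the command telling admins to restrict read access to odoo-key.pem and to remove it from disk once it has been imported into the *Odoo Private Key* field. That literal block also splits the bullet list, so "Select a signature method" and the bullets after it start a second list; moving the key generation step above the list would keep the provider fields together. In the Requirements section, the first warning ends with a stray ")" after the :ref: role and puts `BEGIN CERTIFICATE` in single backticks, which reStructuredText does not render as a literal; use double backticks as the file already does for ``auth_saml``. Two wording slips remain: "set up LemonLDAP::NG a SAML IDP" is missing "as", and "Add a new :ref:`new SAML Service Provider ..." repeats "new".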