Odoo integration doc
This commit is contained in:
parent
dfbdd7015a
commit
dfe080fae1
|
@ -35,6 +35,7 @@ Applications
|
||||||
applications/mobilizon
|
applications/mobilizon
|
||||||
applications/nextcloud
|
applications/nextcloud
|
||||||
applications/obm
|
applications/obm
|
||||||
|
applications/odoo
|
||||||
applications/office365
|
applications/office365
|
||||||
applications/publik
|
applications/publik
|
||||||
applications/phpldapadmin
|
applications/phpldapadmin
|
||||||
|
@ -118,6 +119,7 @@ Application Configuration
|
||||||
.. image:: applications/mobilizon_logo.jpg :doc:`Mobilizon<applications/mobilizon>` ✔
|
.. image:: applications/mobilizon_logo.jpg :doc:`Mobilizon<applications/mobilizon>` ✔
|
||||||
.. image:: applications/nextcloud-logo.png :doc:`NextCloud<applications/nextcloud>` ✔
|
.. image:: applications/nextcloud-logo.png :doc:`NextCloud<applications/nextcloud>` ✔
|
||||||
.. image:: applications/obm_logo.png :doc:`OBM<applications/obm>` ✔
|
.. image:: applications/obm_logo.png :doc:`OBM<applications/obm>` ✔
|
||||||
|
.. image:: applications/odoo_logo.png :doc:`Odoo<applications/odoo>` ✔
|
||||||
.. image:: applications/logo_office_365.png :doc:`Office 365<applications/office365>` ✔
|
.. image:: applications/logo_office_365.png :doc:`Office 365<applications/office365>` ✔
|
||||||
.. image:: applications/logo-publik.png :doc:`Publik<applications/publik>` ✔
|
.. image:: applications/logo-publik.png :doc:`Publik<applications/publik>` ✔
|
||||||
.. image:: applications/phpldapadmin_logo.png :doc:`phpLDAPAdmin<applications/phpldapadmin>` ✔
|
.. image:: applications/phpldapadmin_logo.png :doc:`phpLDAPAdmin<applications/phpldapadmin>` ✔
|
||||||
|
|
88
doc/sources/admin/applications/odoo.rst
Normal file
88
doc/sources/admin/applications/odoo.rst
Normal file
|
@ -0,0 +1,88 @@
|
||||||
|
Odoo
|
||||||
|
====
|
||||||
|
|
||||||
|
|image0|
|
||||||
|
|
||||||
|
Presentation
|
||||||
|
------------
|
||||||
|
|
||||||
|
Odoo is a suite of business management software tools including, for example, CRM, e-commerce, billing, accounting, manufacturing, warehouse, project management, and inventory management.
|
||||||
|
|
||||||
|
Requirements
|
||||||
|
------------
|
||||||
|
|
||||||
|
This guide explains how to authenticate your Odoo users using LemonLDAP::NG 's SAML provider.
|
||||||
|
|
||||||
|
Make sure you have :doc:`set up LemonLDAP::NG a SAML IDP <../samlservice>`
|
||||||
|
|
||||||
|
.. warning::
|
||||||
|
Odoo requires your public SAML Signature key to be in `BEGIN CERTIFICATE`
|
||||||
|
format, if this is not the case, you need to :ref:`convert your SAML key to
|
||||||
|
a certificate<samlservice-convert-certificate>`)
|
||||||
|
|
||||||
|
.. warning::
|
||||||
|
Odoo requires LemonLDAP::NG 2.0.14 in order to handle RelayState correctly
|
||||||
|
|
||||||
|
Configuring Odoo
|
||||||
|
----------------
|
||||||
|
|
||||||
|
Pre-requisites
|
||||||
|
~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
On the Odoo side, you need to install the ``auth_saml`` module from OCA:
|
||||||
|
|
||||||
|
* https://github.com/OCA/server-auth/tree/14.0/auth_saml
|
||||||
|
* https://odoo-community.org/shop/product/saml2-authentication-3211
|
||||||
|
|
||||||
|
This module requires the ``pysaml2`` and ``xmlsec1`` python dependencies.
|
||||||
|
|
||||||
|
Configuration
|
||||||
|
~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
After installing the module, you will see two new menus in the Odoo admin:
|
||||||
|
|
||||||
|
|
||||||
|
* Settings » Users & Companies » SAML Providers
|
||||||
|
* And a new *SAML* tab in Settings » Users & Companies » Users
|
||||||
|
|
||||||
|
|
||||||
|
Creating a new SAML Provider
|
||||||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
Create a new SAML provider in Settings » Users & Companies » SAML Providers
|
||||||
|
|
||||||
|
* Choose a name
|
||||||
|
* Copy the metadata from https://auth.example.com/saml/metadata/idp in the *Identity Provider Metadata* field
|
||||||
|
* Import a certificate and a private key in the *Odoo Public Certificate* and *Odoo Private Key* fields
|
||||||
|
|
||||||
|
To generate a key/certificate pair, you can run the following command::
|
||||||
|
|
||||||
|
openssl req -x509 -newkey rsa:4096 -keyout odoo-key.pem -out odoo-cert.pem -sha256 -days 3650 -nodes
|
||||||
|
|
||||||
|
* Select a signature method in the *Signature Algorithm*, such as *SIG_RSA_SHA256*
|
||||||
|
* If you do not want to use the email address to match between LLNG and Odoo accounts, set the *Identity Provider matching attribute* to a different value
|
||||||
|
* All other fields may be left to default values
|
||||||
|
|
||||||
|
Configuring users
|
||||||
|
~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
For each user you want to enable SAML on, you need to edit them in Settings » Users & Companies » Users
|
||||||
|
|
||||||
|
In the *SAML* tab, set the SAML provider you just created, and their email address as the identifier.
|
||||||
|
|
||||||
|
Configuring LemonLDAP
|
||||||
|
---------------------
|
||||||
|
|
||||||
|
Add a new :ref:`new SAML Service Provider to the LemonLDAP::NG configuration<samlidp-register-sp>`
|
||||||
|
with the following parameters:
|
||||||
|
|
||||||
|
* **Metadata**
|
||||||
|
* Copy the Metadata found at the URL referenced in Odoo's Settings » Users & Companies » SAML Providers menu » Your provider » Metadata URL
|
||||||
|
* **Exported Attributes**
|
||||||
|
* Declare the attribute that you set in Odoo's *Identity Provider matching attribute*
|
||||||
|
* If you are using the email, you don't need to declare anything
|
||||||
|
|
||||||
|
|
||||||
|
.. |image0| image:: /applications/odoo_logo.png
|
||||||
|
:class: align-center
|
||||||
|
|
BIN
doc/sources/admin/applications/odoo_logo.png
Normal file
BIN
doc/sources/admin/applications/odoo_logo.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 3.2 KiB |
|
@ -58,6 +58,8 @@ IDP related metadata.
|
||||||
In both cases, the entityID of the LemonLDAP::NG server is
|
In both cases, the entityID of the LemonLDAP::NG server is
|
||||||
http://auth.example.com/saml/metadata
|
http://auth.example.com/saml/metadata
|
||||||
|
|
||||||
|
.. _samlidp-register-sp:
|
||||||
|
|
||||||
Register partner Service Provider on LemonLDAP::NG
|
Register partner Service Provider on LemonLDAP::NG
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
|
|
@ -153,6 +153,9 @@ To define keys, you can:
|
||||||
If you are running a version under 2.0.10, the choice of a signature
|
If you are running a version under 2.0.10, the choice of a signature
|
||||||
algorithm will affect all SP and IDP.
|
algorithm will affect all SP and IDP.
|
||||||
|
|
||||||
|
|
||||||
|
.. _samlservice-convert-certificate:
|
||||||
|
|
||||||
Converting a RSA public key to a certificate
|
Converting a RSA public key to a certificate
|
||||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user