Odoo¶
Presentation¶
Odoo is a suite of business management software tools including, for example, CRM, e-commerce, billing, accounting, manufacturing, warehouse, project management, and inventory management.
Requirements¶
This guide explains how to authenticate your Odoo users using LemonLDAP::NG ‘s SAML provider.
Make sure you have set up LemonLDAP::NG a SAML IDP
Warning
Odoo requires your public SAML Signature key to be in BEGIN CERTIFICATE format, if this is not the case, you need to convert your SAML key to a certificate)
Warning
Odoo requires LL::NG 2.0.14 in order to handle RelayState correctly
Configuring Odoo¶
Pre-requisites¶
On the Odoo side, you need to install the auth_saml
module from OCA:
This module requires the pysaml2
and xmlsec1
python dependencies.
Configuration¶
After installing the module, you will see two new menus in the Odoo admin:
Settings » Users & Companies » SAML Providers
And a new SAML tab in Settings » Users & Companies » Users
Creating a new SAML Provider¶
Create a new SAML provider in Settings » Users & Companies » SAML Providers
Choose a name
Copy the metadata from https://auth.example.com/saml/metadata/idp in the Identity Provider Metadata field
Import a certificate and a private key in the Odoo Public Certificate and Odoo Private Key fields
To generate a key/certificate pair, you can run the following command:
openssl req -x509 -newkey rsa:4096 -keyout odoo-key.pem -out odoo-cert.pem -sha256 -days 3650 -nodes
Select a signature method in the Signature Algorithm, such as SIG_RSA_SHA256
If you do not want to use the email address to match between LL::NG and Odoo accounts, set the Identity Provider matching attribute to a different value
All other fields may be left to default values
Configuring users¶
For each user you want to enable SAML on, you need to edit them in Settings » Users & Companies » Users
In the SAML tab, set the SAML provider you just created, and their email address as the identifier.
Configuring LemonLDAP¶
Add a new new SAML Service Provider to the LemonLDAP::NG configuration with the following parameters:
Metadata * Copy the Metadata found at the URL referenced in Odoo’s Settings » Users & Companies » SAML Providers menu » Your provider » Metadata URL
- Exported Attributes
Declare the attribute that you set in Odoo’s Identity Provider matching attribute
If you are using the email, you don’t need to declare anything