Alfresco, OpenERP/Odoo integrations (was: Re: SSO)

Peter Schober peter.schober at univie.ac.at
Mon Dec 16 09:42:58 EST 2019


* Landry BIAO <iloumon53 at gmail.com> [2019-12-16 00:42]:
> Hi everybody.  I want to perform single sign-on for web applications
> (Alfresco and odoo) using shibboleth.  But I can't do it.

Well, no one here is going to do it for you just because you "can't".
(With the possible exception of you hiring someone.)

From a technical standpoint it's not even clear what you're asking:
About integrating the Shibboleth SP software with those applications?
Or merely "using" a Shibboleth IDP (as an instance of any SAML IDP)
with SAML SP integrations that may exist for these applications
(possibly only as part of their "enterprise" versions)?

As often is the case none of these integrations seem overly obvious
(especially not for newcomers) and there's no guide for them yet at:
https://wiki.shibboleth.net/confluence/display/KB/IntegrationGuides

So fully aware that everything below will not be of much help to you
here's my take on these two applications -- not that anyone is going
to find that buried in a thread with the meaningless subject "SSO":

Alfresco
========

Alfresco claims support for SAML WebSSO:
https://docs.alfresco.com/sso/topics/saml.html
though that seems rather limited (as usual).
So this seems like an exercise in following their documentation (to
extract their own requirements) and the documentation of the
Shibboleth IDP (on how to satisfy concrete technical requirements).

But Alfresco also has support for "external authentication"
https://docs.alfresco.com/5.2/concepts/auth-basics.html
In conjunction with httpd and mod_proxy_ajp this should allow use of
the Shibboleth SP with Alfresco. (Which would certainly be my own
preference because I know how to use httpd and Shibboleth.)

OpenERP/Odoo
============

Odoo isn't the easiest to integrate SAML with, from a quick look.
It seems you can buy a SAML SSO module (random search result):
https://apps.odoo.com/apps/modules/11.0/auth_saml/
that uses Entr'ouvert's LASSO.

Other than that it's a Python web application using the 'Werkzeug'
WSGI library, so while their documentation at
https://www.odoo.com/documentation/13.0/setup/deploy.html#builtin-server
mentions:
"Odoo includes built-in HTTP servers, using either multithreading or
multiprocessing."
you can also run it with a WSGI application server of your choice:
https://www.odoo.com/documentation/13.0/setup/deploy.html#odoo-as-a-wsgi-application

That latter approach would allow use of Apache httpd as both TLS
terminator and web server, with uWSGI (which has a good httpd
integration via mod_proxy_uwsgi) or mod_wsgi as application servers
respectively. Both allow use of environment variables set by the
Shibboleth SP, though how Odoo can be made to accept/consume those
would require a closer look.

Other than that Odoo also allows proxying via HTTP (and passing
attributes via HTTP Request Headers to Odoo's own HTTP server)
https://www.odoo.com/documentation/13.0/reference/cmdline.html#http
though that approach is not recommended by the Shibboleth project.

-peter
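
Added example, not part of the original post and not Odoo or Shibboleth project code: a WSGI middleware sketch for the mod_wsgi/uWSGI deployment described above, reading identity only from variables the web server placed in the WSGI environ and discarding same-named request headers, which any client can send. The class name, the "eppn"/"mail" attribute names and the "example.identity" key are assumptions, and the requests are constructed.

```python
# Added example. Assumptions: attribute names ("eppn", "mail") depend on the
# SP's attribute mapping; "example.identity" is a hypothetical environ key.
TRUSTED_KEYS = ("REMOTE_USER", "eppn", "mail")


class ShibEnvIdentity:
    """WSGI middleware: take identity from the environ, never from headers."""

    def __init__(self, app, keys=TRUSTED_KEYS):
        self.app = app
        self.keys = keys

    def __call__(self, environ, start_response):
        # Client-sent headers reach WSGI as HTTP_*; drop look-alikes of the
        # trusted names so downstream code cannot read them by mistake.
        for key in self.keys:
            environ.pop("HTTP_" + key.upper().replace("-", "_"), None)
        # Values set by the web server module arrive under their plain names.
        ident = {k: environ[k] for k in self.keys if environ.get(k)}
        if not ident.get("REMOTE_USER"):
            start_response("401 Unauthorized", [("Content-Type", "text/plain")])
            return [b"no SP session\n"]
        environ["example.identity"] = ident
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Stand-in application that echoes the identity it was given."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    ident = environ["example.identity"]
    return [("%s eppn=%s" % (ident["REMOTE_USER"], ident.get("eppn"))).encode()]


def call(environ):
    """Run the wrapped demo app once and return (status, body)."""
    seen = {}
    app = ShibEnvIdentity(demo_app)
    body = b"".join(app(dict(environ), lambda s, h: seen.update(status=s)))
    return seen["status"], body


if __name__ == "__main__":
    # Constructed requests: one with SP-set variables, one with only headers.
    print(call({"REMOTE_USER": "alice@example.org", "eppn": "alice@example.org"}))
    print(call({"HTTP_REMOTE_USER": "admin@example.org", "HTTP_EPPN": "admin"}))
```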
