| Next revision | Previous revision |
| en:2.0:single_sign_on:saml_odoo [2025/04/28 00:07] – created kainhofer | en:2.0:single_sign_on:saml_odoo [2025/05/15 23:59] (current) – [Configuring the Service Provider (Odoo)] kainhofer |
|---|
| The page preferences https://admidio.local/modules/preferences.php?panel=sso also provides the link to the metadata xml, and the individual settings in case a client does not support auto-configuration via metadata. | The page preferences https://admidio.local/modules/preferences.php?panel=sso also provides the link to the metadata xml, and the individual settings in case a client does not support auto-configuration via metadata. |
| |
| ===== TL;DR; - Quick Overview ===== | ===== Quick Overview ===== |
| |
| Setting up a client (SAML "Service Provider" - short SP) to use Admidio's user accounts for logging in consists of two steps. If both the IdP (Admidio in our case) and the SP (Odoo in this document) support metadata loading, the setup is very straightforward and easy. Otherwise, one has to copy URLs manually to the client, but Admidio already provides these in a single place, so this situation is not as bad, either. | Setting up a client (SAML "Service Provider" - short SP) to use Admidio's user accounts for logging in consists of two steps. If both the IdP (Admidio in our case) and the SP (Odoo in this document) support metadata loading, the setup is very straightforward and easy. Otherwise, one has to copy URLs manually to the client, but Admidio already provides these in a single place, so this situation is not as bad, either. |
| {{ :en:2.0:sso:sso_saml_02-03a_nc_saml_keysetup1.png?direct&400 |}} | {{ :en:2.0:sso:sso_saml_02-03a_nc_saml_keysetup1.png?direct&400 |}} |
| |
| After downloading the .p12 file, Applications like [[https://keystore-explorer.org/|KeyStore Explorer]] can be used to read the private key and copy the private key and the certificate in PEM format into a file and upload it into Odoo's SAML configuration. As signature algorithm choose either SHA1 or the more modern SHA256 | After downloading the .p12 file, Applications like [[https://keystore-explorer.org/|KeyStore Explorer]] can be used to read the private key and copy the private key and the certificate in PEM format into a file and upload them into Odoo's SAML configuration. As signature algorithm choose either SHA1 or the more modern SHA256. |
| |
| {{:en:2.0:sso:sso_saml_02-03b_nc_saml_keystoreexplorer1.png?direct&400|}}{{:en:2.0:sso:sso_saml_02-03c_nc_saml_keystoreexplorer2.png?direct&400|}} | {{:en:2.0:sso:sso_saml_02-03b_nc_saml_keystoreexplorer1.png?direct&400|}}{{:en:2.0:sso:sso_saml_02-03c_nc_saml_keystoreexplorer2.png?direct&400|}} |
| |
| |
| <WRAP center round todo 60%> | |
| todo box | |
| </WRAP> | |
| |
| |
| |
| |
| If the basic settings are valid, the Odoo plugin provides a link to the client (SP) metadata XML file right above the certificat upload field. Copy that URL, so it can be pasted into Admidio for auto-configuration of the SAML access (right-click on the link and copy the link location to the clipboard). | If the basic settings are valid and saved, the Odoo plugin provides a link to the client (SP) metadata XML file right above the certificat upload field. Copy that URL, so it can be pasted into Admidio for auto-configuration of the SAML access (right-click on the link and copy the link location to the clipboard). |
| |
| {{ :en:2.0:sso:sso_saml_odoo_05_odoo_setup_samlprovider_crypto.png?direct |}} | |
| |
| |
