OCA · tb-flyt · Feb 20, 2024 · Feb 20, 2024 · Feb 20, 2024 · Feb 27, 2024
diff --git a/auth_saml/models/__init__.py b/auth_saml/models/__init__.py
@@ -8,4 +8,5 @@
     res_config_settings,
     res_users,
     res_users_saml,
+    res_company,
 )
diff --git a/auth_saml/models/auth_saml_provider.py b/auth_saml/models/auth_saml_provider.py
@@ -137,6 +137,10 @@ class AuthSamlProvider(models.Model):
         help="Whether metadata should be signed or not",
     )
 
+    allow_saml_unsolicited_req = fields.Boolean(
+            compute="_compute_allow_saml_unsolicited"
+    )
+
     @api.model
     def _sig_alg_selection(self):
         return [(sig[0], sig[0]) for sig in ds.SIG_ALLOWED_ALG]
@@ -219,7 +223,7 @@ def _get_config_for_provider(self, base_url: str = None) -> Saml2Config:
                             (acs_url, saml2.BINDING_HTTP_POST),
                         ],
                     },
-                    "allow_unsolicited": False,
+                    "allow_unsolicited": self.allow_saml_unsolicited_req,
                     "authn_requests_signed": self.authn_requests_signed,
                     "logout_requests_signed": self.logout_requests_signed,
                     "want_assertions_signed": self.want_assertions_signed,
@@ -370,3 +374,9 @@ def _hook_validate_auth_response(self, response, matching_value):
             vals[attribute.field_name] = attribute_value
 
         return {"mapped_attrs": vals}
+
+    def _compute_allow_saml_unsolicited(self):
+        self.ensure_one()
+        self.allow_saml_unsolicited_req = self.env.company.allow_saml_unsolicited_req
+
+
diff --git a/auth_saml/models/ir_config_parameter.py b/auth_saml/models/ir_config_parameter.py
@@ -7,7 +7,6 @@
 _logger = logging.getLogger(__name__)
 ALLOW_SAML_UID_AND_PASSWORD = "auth_saml.allow_saml_uid_and_internal_password"
 
-
 class IrConfigParameter(models.Model):
     """Redefined to update users when our parameter is changed."""
 

diff --git a/auth_saml/models/res_company.py b/auth_saml/models/res_company.py
@@ -0,0 +1,8 @@
+# -*- coding: utf-8 -*-
+
+from odoo import models, api, fields, _
+
+class ResCompany(models.Model):
+    _inherit = 'res.company'
+
+    allow_saml_unsolicited_req = fields.Boolean()
diff --git a/auth_saml/models/res_config_settings.py b/auth_saml/models/res_config_settings.py
@@ -13,3 +13,8 @@ class ResConfigSettings(models.TransientModel):
         "Allow SAML users to possess an Odoo password (warning: decreases security)",
         config_parameter=ALLOW_SAML_UID_AND_PASSWORD,
     )
+
+    allow_saml_unsolicited_req = fields.Boolean(
+            related='company_id.allow_saml_unsolicited_req', readonly=False
+    )
+
diff --git a/auth_saml/views/res_config_settings.xml b/auth_saml/views/res_config_settings.xml
@@ -14,6 +14,12 @@
                     <div class="o_setting_right_pane">
                         <label for="allow_saml_uid_and_internal_password" />
                     </div>
+                    <div class="o_setting_left_pane">
+                        <field name="allow_saml_unsolicited_req" />
+                    </div>
+                    <div class="o_setting_right_pane">
+                        <label for="allow_saml_unsolicited_req" />
+                    </div>
                 </div>
             </xpath>
         </field>