Merge pull request OCA#315 from OCA/16.0

Syncing from upstream OCA/server-auth (16.0)

README.md

@@ -23,6 +23,7 @@ addon | version | maintainers | summary
 --- | --- | --- | ---
 [auth_admin_passkey](auth_admin_passkey/) | 16.0.1.0.0 |  | Allows system administrator to authenticate with any account
 [auth_api_key](auth_api_key/) | 16.0.1.0.0 |  | Authenticate http requests from an API key
+[auth_saml](auth_saml/) | 16.0.1.0.0 |  | SAML2 Authentication
 
 [//]: # (end addons)
 

auth_saml/README.rst

@@ -0,0 +1,155 @@
+====================
+SAML2 Authentication
+====================
+
+.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/16.0/auth_saml
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-auth_saml
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runbot-Try%20me-875A7B.png
+    :target: https://runbot.odoo-community.org/runbot/251/16.0
+    :alt: Try me on Runbot
+
+|badge1| |badge2| |badge3| |badge4| |badge5| 
+
+Let users log into Odoo via an SAML2 identity provider.
+
+This module allows to deport the management of users and passwords in an
+external authentication system to provide SSO functionality (Single Sign On)
+between Odoo and other applications of your ecosystem.
+
+**Benefits**:
+
+* Reducing the time spent typing different passwords for different accounts.
+
+* Reducing the time spent in IT support for password oversights.
+
+* Centralizing authentication systems.
+
+* Securing all input levels / exit / access to multiple systems without
+  prompting users.
+
+* The centralization of access control information for compliance testing to
+  different standards.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Installation
+============
+
+This addon requires the python module ``pysaml2``.
+
+``pysaml2`` requires the binary ``xmlsec1`` (on Debian or Ubuntu you can install it with ``apt-get install xmlsec1``)
+
+Configuration
+=============
+
+To use this module, you need an IDP server, properly set up.
+
+#. Configure the module according to your IdP’s instructions
+   (Settings > Users & Companies > SAML Providers).
+#. Pre-create your users and set the SAML information against the user.
+
+By default, the module let users have both a password and SAML ids.
+To increase security, disable passwords by using the option in Settings.
+Note that the admin account can still have a password, even if the option is activated.
+Setting the option immediately remove all password from users with a configured SAML ids.
+
+If all the users have a SAML id in a single provider, you can set automatic redirection
+in the provider settings. The autoredirection will only be done on the active provider
+with the highest priority. It is still possible to access the login without redirection
+by using the query parameter ``disable_autoredirect``, as in
+``https://example.com/web/login?disable_autoredirect=`` The login is also displayed if
+there is an error with SAML login, in order to display any error message.
+
+Usage
+=====
+
+Users can login with the configured SAML IdP with buttons added in the login screen.
+
+Known issues / Roadmap
+======================
+
+* clean up ``auth_saml.request``
+
+Changelog
+=========
+
+16.0.1.0.0
+~~~~~~~~~~
+
+Initial migration for 16.0.
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us smashing it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_saml%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* XCG Consulting
+
+Contributors
+~~~~~~~~~~~~
+
+* `XCG Consulting <https://xcg-consulting.fr/>`__:
+
+  * Florent Aide <[email protected]>
+  * Vincent Hatakeyama <[email protected]>
+  * Alexandre Brun
+  * Houzéfa Abbasbhay <[email protected]>
+  * Szeka Wong <[email protected]>
+* Jeremy Co Kim Len <[email protected]>
+* Jeffery Chen Fan <[email protected]>
+* Bhavesh Odedra <[email protected]>
+* `Tecnativa <https://www.tecnativa.com/>`__:
+
+  * Jairo Llopis
+* `GlodoUK <https://www.glodo.uk/>`__:
+
+  * Karl Southern
+* `TAKOBI <https://takobi.online/>`__:
+
+  * Lorenzo Battistini
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/16.0/auth_saml>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

auth_saml/__init__.py

@@ -0,0 +1 @@
+from . import controllers, models

auth_saml/__manifest__.py

@@ -0,0 +1,30 @@
+# Copyright (C) 2020 GlodoUK <https://www.glodo.uk/>
+# Copyright (C) 2010-2016, 2022 XCG Consulting <http://odoo.consulting>
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+{
+    "name": "SAML2 Authentication",
+    "version": "16.0.1.0.0",
+    "category": "Tools",
+    "author": "XCG Consulting, Odoo Community Association (OCA)",
+    "website": "https://github.com/OCA/server-auth",
+    "license": "AGPL-3",
+    "depends": ["base_setup", "web"],
+    "external_dependencies": {
+        "python": ["pysaml2"],
+        "bin": ["xmlsec1"],
+        # special definition used by OCA to install packages
+        "deb": ["xmlsec1"],
+    },
+    "demo": [],
+    "data": [
+        "data/ir_config_parameter.xml",
+        "security/ir.model.access.csv",
+        "views/auth_saml.xml",
+        "views/res_config_settings.xml",
+        "views/res_users.xml",
+    ],
+    "installable": True,
+    "auto_install": False,
+    "development_status": "Beta",
+}

auth_saml/controllers/__init__.py

@@ -0,0 +1,3 @@
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from . import main