Yes, it is possible to implement authentication with LemonLDAP::NG directly from the code in OpenERP (Odoo) by integrating the SSO mechanism. Here’s how you can do it:
1. Use SAML or OpenID Connect Libraries
You can use Python libraries to handle SAML or OpenID Connect, which are the standard protocols LemonLDAP::NG supports for SSO. Some common libraries are:
- SAML: 'python3-saml', 'pysaml2'
- OpenID Connect: 'authlib', 'python-openid', 'oidc-client'
2. Configure the LemonLDAP::NG Application
- Create a new application in LemonLDAP::NG for OpenERP/Odoo.
- Note down the SSO URL, Entity ID, Certificate, Client ID, and Client Secret from LemonLDAP::NG for the SAML or OpenID Connect configuration.
3. Modify OpenERP/Odoo Code for SSO
To integrate SSO directly through the code, you would typically create or modify a custom authentication module in Odoo:
a. Create a Custom Odoo Module
- Create a new directory for your custom module, for example, 'custom_auth_llng'.
- Add necessary files like '__manifest__.py', '__init__.py', and your main authentication file, such as 'llng_auth.py'.
b. Implement the SSO Logic
Within 'llng_auth.py', implement the SSO logic using the chosen protocol library.
Here is an example snippet for SAML integration:
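import werkzeug.utils
from odoo import http
from onelogin.saml2.auth import OneLogin_Saml2_Auth

# Placeholder: directory containing python3-saml's settings.json for this module
SAML_SETTINGS_PATH = '/path/to/custom_auth_llng/saml'

def _saml_auth(httprequest):
    # python3-saml expects a dict describing the request, not the Werkzeug request object
    request_data = {
        'https': 'on' if httprequest.scheme == 'https' else 'off',
        'http_host': httprequest.host,
        'script_name': httprequest.path,
        'get_data': httprequest.args.copy(),
        'post_data': httprequest.form.copy(),
    }
    return OneLogin_Saml2_Auth(request_data, custom_base_path=SAML_SETTINGS_PATH)

class LemonLDAPNGAuth(http.Controller):

    @http.route('/auth/saml/login', type='http', auth='none')
    def saml_login(self, **kwargs):
        # Initialize SAML authentication and send the browser to LemonLDAP::NG
        saml_auth = _saml_auth(http.request.httprequest)
        return werkzeug.utils.redirect(saml_auth.login())

    @http.route('/auth/saml/acs', type='http', auth='none', csrf=False)
    def saml_acs(self, **kwargs):
        # Process the SAML response posted back by LemonLDAP::NG
        saml_auth = _saml_auth(http.request.httprequest)
        saml_auth.process_response()
        errors = saml_auth.get_errors()
        # Require both an error-free response and an authenticated subject
        if not errors and saml_auth.is_authenticated():
            user_info = saml_auth.get_attributes()
            # Implement logic to create or find the user in Odoo
            # Log the user in and set session details
            return werkzeug.utils.redirect('/web')
        return http.request.not_found()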
c. Handle SSO Response and User Session
- Parse the SAML/OpenID Connect response.
- Validate the user against Odoo’s internal user database or create a new user if necessary.
- Set up the user session within Odoo.
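One way to handle the "create or find the user" step above, as an added example that is not part of the original answer and not code from Odoo or LemonLDAP::NG. It assumes the login arrives in an attribute named "mail", that logins are stored lower-case, and that `existing_logins` and `allowed_domains` (hypothetical names) stand in for a lookup on Odoo's user table and a site policy.

```python
import re

# Assumption: LemonLDAP::NG exports the e-mail address in an attribute named
# "mail"; use whatever attribute name your SAML service actually releases.
LOGIN_ATTRIBUTE = "mail"
_EMAIL_RE = re.compile(r"[a-z0-9._%+-]+@([a-z0-9-]+(?:\.[a-z0-9-]+)+)")


class SSOLoginRejected(Exception):
    """The assertion was valid SAML but must not open an Odoo session."""


def resolve_login(attributes, allowed_domains):
    """Return the normalized login carried by the SAML attributes.

    `attributes` has the shape returned by get_attributes():
    {attribute name: [value, ...]}.
    """
    values = attributes.get(LOGIN_ATTRIBUTE) or []
    # Exactly one value: with several, "take the first" lets ordering pick the identity.
    if len(values) != 1 or not isinstance(values[0], str):
        raise SSOLoginRejected("expected exactly one %r value" % LOGIN_ATTRIBUTE)
    login = values[0].strip().lower()  # assumption: logins are stored lower-case
    match = _EMAIL_RE.fullmatch(login)
    if not match:
        raise SSOLoginRejected("login attribute is not an e-mail address")
    if match.group(1) not in allowed_domains:
        raise SSOLoginRejected("domain not allowed for SSO")
    return login


def plan_session(attributes, existing_logins, allowed_domains, auto_create=False):
    """Decide what the ACS handler does next: ("login", x) or ("create", x)."""
    login = resolve_login(attributes, allowed_domains)
    if login in existing_logins:
        return ("login", login)
    # Creating accounts from assertions is opt-in, never the default.
    if not auto_create:
        raise SSOLoginRejected("no Odoo user for this identity")
    return ("create", login)


# Constructed sample input, not captured from a real LemonLDAP::NG instance.
SAMPLE_ATTRIBUTES = {"mail": ["Alice@Example.org"], "cn": ["Alice"]}
```

In the ACS route, call `plan_session(saml_auth.get_attributes(), ...)` only after the error and authentication checks pass, and return an error page when `SSOLoginRejected` is raised.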
4. Configure Odoo Settings
Ensure that your custom module is installed and correctly configured. You may need to add the authentication endpoint routes in the 'ir.http' model if required.
5. Test the Integration
- Ensure that LemonLDAP::NG is properly configured with the correct endpoints for SAML or OpenID Connect.
- Test the login flow from the OpenERP/Odoo side to ensure that the authentication works correctly.
6. Debugging and Logs
Monitor Odoo and LemonLDAP::NG logs to diagnose and debug any issues in the authentication flow.
Additional Considerations
- Security: Ensure that all communications between OpenERP/Odoo and LemonLDAP::NG are over HTTPS.
- Maintenance: Maintain the custom module by keeping it up-to-date with both LemonLDAP::NG and Odoo updates.
Conclusion
Yes, it is possible to implement authentication with LemonLDAP::NG directly from the OpenERP (Odoo) code by integrating the SSO mechanism, including with managed Odoo server solutions.