{"id":8982,"date":"2024-08-29T06:32:17","date_gmt":"2024-08-29T06:32:17","guid":{"rendered":"https:\/\/www.infinitivehost.com\/knowledge-base\/?p=8982"},"modified":"2024-08-30T07:54:44","modified_gmt":"2024-08-30T07:54:44","slug":"authenticated-through-lemonldapng-in-openerp-secure-login","status":"publish","type":"post","link":"https:\/\/www.infinitivehost.com\/knowledge-base\/authenticated-through-lemonldapng-in-openerp-secure-login\/","title":{"rendered":"Authenticated Through LemonLDAP::NG in OpenERP | Secure Login"},"content":{"rendered":"<div class='epvc-post-count'><span class='epvc-eye'><\/span>  <span class=\"epvc-count\"> 1,188<\/span><span class='epvc-label'> Views<\/span><\/div>\n<p>Yes, it is possible to implement authentication with LemonLDAP::NG directly from the code in OpenERP (Odoo) by integrating the SSO mechanism. Here\u2019s how you can do it:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. <strong>Use SAML or OpenID Connect Libraries<\/strong><\/h3>\n\n\n\n<p>You can use Python libraries to handle SAML or OpenID Connect, which are the standard protocols LemonLDAP::NG supports for SSO. Some common libraries are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>SAML<\/strong>: <code><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-red-color\">'python3-saml, pysaml2'<\/mark><\/code><\/li>\n\n\n\n<li><strong>OpenID Connect<\/strong>: <code><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-red-color\">'authlib', 'python-openid', 'oidc-client'<\/mark><\/code><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2. <strong>Configure the LemonLDAP::NG Application<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Create a new application<\/strong> in LemonLDAP::NG for OpenERP\/Odoo.<\/li>\n\n\n\n<li>Note down the <strong>SSO URL<\/strong>, <strong>Entity ID<\/strong>, <strong>Certificate<\/strong>, <strong>Client ID<\/strong>, and <strong>Client Secret<\/strong> from LemonLDAP::NG for the SAML or OpenID Connect configuration.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3. <strong>Modify OpenERP\/Odoo Code for SSO<\/strong><\/h3>\n\n\n\n<p>To integrate SSO directly through the code, you would typically create or modify a custom authentication module in Odoo:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">a. <strong>Create a Custom Odoo Module<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create a new directory for your custom module, for example, <code><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-red-color\">'custom_auth_llng'<\/mark><\/code>.<\/li>\n\n\n\n<li>Add necessary files like <code><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-red-color\">'__manifest__.py'<\/mark><\/code>, <code><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-red-color\">'__init__.py'<\/mark><\/code>, and your main authentication file, such as <code><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-red-color\">'llng_auth.py'<\/mark><\/code>.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">b. <strong>Implement the SSO Logic<\/strong><\/h4>\n\n\n\n<p>Within the <code><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-red-color\">'llng_auth.py'<\/mark><\/code>, implement the SSO logic using the chosen protocol library.<\/p>\n\n\n\n<p>Here is an example snippet for SAML integration:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><code><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-red-color\">from odoo import http\nfrom onelogin.saml2.auth import OneLogin_Saml2_Auth\n\nclass LemonLDAPNGAuth(http.Controller):\n\n    @http.route('\/auth\/saml\/login', auth='none')\n    def saml_login(self, **kwargs):\n        # Initialize SAML authentication\n        saml_auth = OneLogin_Saml2_Auth(http.request.httprequest)\n        redirect_url = saml_auth.login()\n        return http.redirect(redirect_url)\n\n    @http.route('\/auth\/saml\/acs', auth='none', csrf=False)\n    def saml_acs(self, **kwargs):\n        # Process the SAML response\n        saml_auth = OneLogin_Saml2_Auth(http.request.httprequest)\n        saml_auth.process_response()\n        errors = saml_auth.get_errors()\n\n        if not errors:\n            user_info = saml_auth.get_attributes()\n            # Implement logic to create or find the user in Odoo\n            # Log the user in and set session details\n            return http.redirect('\/web')\n\n        return http.request.not_found()<\/mark><\/code><\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">c. <strong>Handle SSO Response and User Session<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Parse the SAML\/OpenID Connect response.<\/li>\n\n\n\n<li>Validate the user against Odoo\u2019s internal user database or create a new user if necessary.<\/li>\n\n\n\n<li>Set up the user session within Odoo.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4. <strong>Configure Odoo Settings<\/strong><\/h3>\n\n\n\n<p>Ensure that your custom module is installed and correctly configured. You may need to add the authentication endpoint routes in the <code><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-red-color\">'ir.http'<\/mark><\/code> model if required.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">5. <strong>Test the Integration<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ensure that LemonLDAP::NG is properly configured with the correct endpoints for SAML or OpenID Connect.<\/li>\n\n\n\n<li>Test the login flow from the OpenERP\/Odoo side to ensure that the authentication works correctly.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">6. <strong>Debugging and Logs<\/strong><\/h3>\n\n\n\n<p>Monitor Odoo and LemonLDAP::NG logs to diagnose and debug any issues in the authentication flow.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Additional Considerations<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Security<\/strong>: Ensure that all communications between OpenERP\/Odoo and LemonLDAP::NG are over HTTPS.<\/li>\n\n\n\n<li><strong>Maintenance<\/strong>: Maintain the custom module by keeping it up-to-date with both LemonLDAP::NG and Odoo updates.<\/li>\n<\/ul>\n\n\n\n<p>Would you like to dive deeper into any particular aspect, like SAML configuration or specific library usage?<\/p>\n\n\n\n<p><strong>Conclusion<\/strong><\/p>\n\n\n\n<p>Yes, it is simply possible to apply authentication along with LemonLDAP::NG openly from the specific code in OpenERP (Odoo) by including the mechanism of SSO. Here is how you can do it with <a href=\"https:\/\/www.infinitivehost.com\/managed-odoo-server-solutions\"><mark style=\"background-color:#8ed1fc\" class=\"has-inline-color\"><strong>managed ODOOOO server solutions<\/strong><\/mark><\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>1,188 Views Yes, it is possible to implement authentication with LemonLDAP::NG directly from the code in OpenERP (Odoo) by integrating the SSO mechanism. Here\u2019s how you can do it: 1. Use SAML or OpenID Connect Libraries You can use Python libraries to handle SAML or OpenID Connect, which are the standard protocols LemonLDAP::NG supports for [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[203],"tags":[],"class_list":["post-8982","post","type-post","status-publish","format-standard","hentry","category-odoo"],"_links":{"self":[{"href":"https:\/\/www.infinitivehost.com\/knowledge-base\/wp-json\/wp\/v2\/posts\/8982","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infinitivehost.com\/knowledge-base\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infinitivehost.com\/knowledge-base\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infinitivehost.com\/knowledge-base\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infinitivehost.com\/knowledge-base\/wp-json\/wp\/v2\/comments?post=8982"}],"version-history":[{"count":2,"href":"https:\/\/www.infinitivehost.com\/knowledge-base\/wp-json\/wp\/v2\/posts\/8982\/revisions"}],"predecessor-version":[{"id":9020,"href":"https:\/\/www.infinitivehost.com\/knowledge-base\/wp-json\/wp\/v2\/posts\/8982\/revisions\/9020"}],"wp:attachment":[{"href":"https:\/\/www.infinitivehost.com\/knowledge-base\/wp-json\/wp\/v2\/media?parent=8982"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infinitivehost.com\/knowledge-base\/wp-json\/wp\/v2\/categories?post=8982"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infinitivehost.com\/knowledge-base\/wp-json\/wp\/v2\/tags?post=8982"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}