← Back to team overview

openerp-community team mailing list archive

Re: OpenERP SSO integration

 

On 23-06-11 20:20, Levente Bokor wrote:
Hi all,

Has anyone experience with implementing SSO in OpenERP or did anyone
come across an SSO module for OpenERP v6.x?


Hi Levente,

if your authentication scheme is supported by Apache, you can use Apache proxy + web client. We have experimented with a set of patches that allow the web client to delegate authentication to Apache. This opens up the way to passwordless authentication to a Windows domain or a Linux kerberos server as well as OpenID. Login is performed based on a shared secret known to the OpenERP server and the web client.

Our patches are quite simple, but they do not address all of the security issues. For one, as the web client logs users in when it finds a particular header containing the user name, the web client should only be accessible through the Apache proxy or else the header could be forged.

The OpenERP server patch can be made into a separate module. The web client patch cannot be made into a V6.0 web addon, but it looks like it might be possible for V6.1. If there is any demand for it, I can try to find the time to post a blog containing both patches later this week, although I would prefer to wait for the OpenID code from OpenERP to show up and try to hook into that as it probably addresses many of the same issues.

Cheers,
Stefan.

--
Therp - Maatwerk in open ontwikkeling

Stefan Rijnhart - Ontwerp en implementatie

mail: stefan@xxxxxxxx
tel: +31 (0) 614478606
web: http://therp.nl



References