none
OAuth2 single sign-on problem with Azure Active Directory and OAuth module in Odoo 8 RRS feed

  • Question

  • Hello, I'm trying to setup Odoo 8 software with single sign-on support on Azure Active Directory. Odoo 8 has integrated support for OAuth 2.0 protocol. This software is working fine with facebook or google accounts.

    I'm having trouble with Azure Active Directory setup. My question is if there is any option (in the application manifest.json for example) to configure Azure AD in a way that OAuth 2 protocol can be used for single sign-on instead of OpenID connect. 

    I know these protocols are much alike, but I've walked the following path.

    The link generated for users SSO in Odoo 8 is the following by default:

    https://login.microsoftonline.com/f1d1f721-7267-4c90-bb8e-a608819634f8/oauth2/authorize?state=%7B%22p%22%3A+5%2C+%22r%22%3A+%22http%253A%252F%252Flocalhost%252Fopenerp.wsgi%252Fweb%253F%22%2C+%22d%22%3A+%22demo1%22%7D&
    redirect_uri=http%3A%2F%2F192.168.237.140%2Fopenerp.wsgi%2Fauth_oauth%2Fsignin&
    response_type=token&
    client_id=d5c2d076-c4a1-4e0e-8002-6d4df4ed0092&
    debug=False&
    scope=False

    For Azure AD to support the url parameter "response_type=token" I found that the property oauth2AllowImplicitFlow must be changed to TRUE in the manifest.json for the application in Azure management portal.

    I also found that a parameter "resource=https%253A%252F%252Fgraph.windows.net" is missing in the above SSO url received from the OAuth module in Odoo 8.

    After these modifications I now get a succesfull token response from the Azure AD single sign-on endpoint.

    At this point I'm facing new difficulties with the single sign-on setup. So after reading several sources about OAuth I found that Azure is using OpenID connect for single sign-on and that OAuth is the base for this protocol. So I'm hoping for some setting in Azure AD to support basic OAuth instead of OpenID connect.

    Like I said, the software is working fine for Google, Twitter and Facebook. 

      
    Friday, March 18, 2016 3:27 PM

All replies

  • Hey R. van den Hoek,

    I'm facing the exact same challenge for Odoo 10.0.

    Would you be so kind to provide information on how you've tackled this issue?

    Currently I'm doubting between providing my own module based on auth_oauth and the ADAL implementation in Python.

    Another approach would be to reinstate the Odoo 8 module auth_openid. Which I believe would have to be rewritten from OpenID 2.0 to OpenID Connect 1.0

    Kind Regards,

    Rik Vermeer, NL

    Tuesday, June 13, 2017 9:37 AM
  • Hello, I'm trying to setup Odoo 8 software with single sign-on support on Azure Active Directory. Odoo 8 has integrated support for OAuth 2.0 protocol. This software is working fine with facebook or google accounts.

    I'm having trouble with Azure Active Directory setup. My question is if there is any option (in the application manifest.json for example) to configure Azure AD in a way that OAuth 2 protocol can be used for single sign-on instead of OpenID connect. 

    I know these protocols are much alike, but I've walked the following path.

    The link generated for users SSO in Odoo 8 is the following by default:

    https://login.microsoftonline.com/f1d1f721-7267-4c90-bb8e-a608819634f8/oauth2/authorize?state=%7B%22p%22%3A+5%2C+%22r%22%3A+%22http%253A%252F%252Flocalhost%252Fopenerp.wsgi%252Fweb%253F%22%2C+%22d%22%3A+%22demo1%22%7D&
    redirect_uri=http%3A%2F%2F192.168.237.140%2Fopenerp.wsgi%2Fauth_oauth%2Fsignin&
    response_type=token&
    client_id=d5c2d076-c4a1-4e0e-8002-6d4df4ed0092&
    debug=False&
    scope=False

    For Azure AD to support the url parameter "response_type=token" I found that the property oauth2AllowImplicitFlow must be changed to TRUE in the manifest.json for the application in Azure management portal.

    I also found that a parameter "resource=https%253A%252F%252Fgraph.windows.net" is missing in the above SSO url received from the OAuth module in Odoo 8.

    After these modifications I now get a succesfull token response from the Azure AD single sign-on endpoint.

    At this point I'm facing new difficulties with the single sign-on setup. So after reading several sources about OAuth I found that Azure is using OpenID connect for single sign-on and that OAuth is the base for this protocol. So I'm hoping for some setting in Azure AD to support basic OAuth instead of OpenID connect.

    Like I said, the software is working fine for Google, Twitter and Facebook. 

      

    Hi Friends,

    We have created a module in Odoo to offer Microsoft Azure - Odoo SSO for Odoo v10.

    I have module and document process ready to show. You can email me on contact at serpentcs dot com to communicate further.

    Regards,

    Jay Vora.
    Friday, November 10, 2017 8:39 AM
  • Hi Jay,

    Could you please help us with that module.

    You can contact me at dibindixitmurali at hotmail dot com

    Thanks,

    Dibin

    Tuesday, July 17, 2018 3:07 PM