On 23-06-11 20:20, Levente Bokor wrote:
Hi all,
Has anyone experience with implementing SSO in OpenERP or did anyone
come across an SSO module for OpenERP v6.x?
Hi Levente,
if your authentication scheme is supported by Apache, you can use Apache
proxy + web client. We have experimented with a set of patches that
allow the web client to delegate authentication to Apache. This opens up
the way to passwordless authentication to a Windows domain or a Linux
kerberos server as well as OpenID. Login is performed based on a shared
secret known to the OpenERP server and the web client.
Our patches are quite simple, but they do not address all of the
security issues. For one, as the web client logs users in when it finds
a particular header containing the user name, the web client should only
be accessible through the Apache proxy or else the header could be forged.
The OpenERP server patch can be made into a separate module. The web
client patch cannot be made into a V6.0 web addon, but it looks like it
might be possible for V6.1. If there is any demand for it, I can try to
find the time to post a blog containing both patches later this week,
although I would prefer to wait for the OpenID code from OpenERP to show
up and try to hook into that as it probably addresses many of the same
issues.
Cheers,
Stefan.
--
Therp - Maatwerk in open ontwikkeling
Stefan Rijnhart - Ontwerp en implementatie
mail: ste...@therp.nl
tel: +31 (0) 614478606
web: http://therp.nl
___
Mailing list: https://launchpad.net/~openerp-community
Post to : openerp-community@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openerp-community
More help : https://help.launchpad.net/ListHelp
