From 0513ca281fdaf1d2e731a765884528687d82db0c Mon Sep 17 00:00:00 2001 From: OCA-git-bot Date: Mon, 9 Oct 2023 11:48:09 +0000 Subject: [PATCH] [BOT] post-merge updates --- README.md | 2 +- auth_oidc/README.rst | 36 ++++++++++++++++--------- auth_oidc/__manifest__.py | 2 +- auth_oidc/static/description/index.html | 32 +++++++++++++--------- 4 files changed, 46 insertions(+), 26 deletions(-) diff --git a/README.md b/README.md index be88efabda..6d36fc7b24 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ addon | version | maintainers | summary [auth_jwt](auth_jwt/) | 16.0.1.1.0 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | JWT bearer token authentication. [auth_jwt_demo](auth_jwt_demo/) | 16.0.1.1.0 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Test/demo module for auth_jwt. [auth_ldaps](auth_ldaps/) | 16.0.1.0.0 | | Allows to use LDAP over SSL authentication -[auth_oidc](auth_oidc/) | 16.0.1.0.0 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Allow users to login through OpenID Connect Provider +[auth_oidc](auth_oidc/) | 16.0.1.0.1 | [![sbidoul](https://github.com/sbidoul.png?size=30px)](https://github.com/sbidoul) | Allow users to login through OpenID Connect Provider [auth_oidc_environment](auth_oidc_environment/) | 16.0.1.0.0 | | This module allows to use server env for OIDC configuration [auth_saml](auth_saml/) | 16.0.1.0.2 | [![vincent-hatakeyama](https://github.com/vincent-hatakeyama.png?size=30px)](https://github.com/vincent-hatakeyama) | SAML2 Authentication [auth_session_timeout](auth_session_timeout/) | 16.0.1.0.0 | | This module disable all inactive sessions since a given delay diff --git a/auth_oidc/README.rst b/auth_oidc/README.rst index 6cafbe6c07..a0ca767c5e 100644 --- a/auth_oidc/README.rst +++ b/auth_oidc/README.rst 
@@ -7,7 +7,7 @@ Authentication OpenID Connect !! This file is generated by oca-gen-addon-readme !! !! changes will be overwritten. !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - !! source digest: sha256:0e77943e35a7d7c6fb3b6f9e5753d5870e6023f5614e17f7bc0c32522086c49a + !! source digest: sha256:bdea2939597996bddfbd2c7949c8da2ad701b61203c3fd62c0c640bb5721eaf1 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! .. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png 
@@ -51,11 +51,9 @@ Configuration Setup for Microsoft Azure ~~~~~~~~~~~~~~~~~~~~~~~~~ -Example configuration with OpenID Connect implicit flow. -This configuration is not recommended because it exposes the access token -to the client, and in logs. +Example configuration with OpenID Connect authorization code flow. -# configure a new web application in Azure with OpenID and implicit flow (see +# configure a new web application in Azure with OpenID and code flow (see the `provider documentation `_) # in this application the redirect url must be be "`_ for more information): -* Provider Name: Azure -* Auth Flow: OpenID Connect -* Client ID: use the value of the OAuth2 autorization endoing (v2) from the Azure Endpoints list -* Body: Azure SSO -* Authentication URL: use the value of "OAuth2 autorization endpoint (v2)" from the Azure endpoints list -* Scope: openid email -* Validation URL: use the value of "OAuth2 token endpoint (v2)" from the Azure endpoints list +.. image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/oauth-microsoft_azure-api_permissions.png + +.. image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/oauth-microsoft_azure-optional_claims.png + +Single tenant provider limits the access to user of your tenant, +while Multitenants allow access for all AzureAD users, so user of foreign companies can use their AzureAD login +without an guest account. + +* Provider Name: Azure AD Single Tenant +* Client ID: Application (client) id +* Client Secret: Client secret * Allowed: yes +or + +* Provider Name: Azure AD Multitenant +* Client ID: Application (client) id +* Client Secret: Client secret +* Allowed: yes +* replace {tenant_id} in urls with your Azure tenant id + +.. image:: https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/odoo-azure_ad_multitenant.png + Setup for Keycloak ~~~~~~~~~~~~~~~~~~ 
diff --git a/auth_oidc/__manifest__.py b/auth_oidc/__manifest__.py index 5b36b46407..1d4a3e1a7a 100644 --- a/auth_oidc/__manifest__.py +++ b/auth_oidc/__manifest__.py @@ -4,7 +4,7 @@ { "name": "Authentication OpenID Connect", - "version": "16.0.1.0.0", + "version": "16.0.1.0.1", "license": "AGPL-3", "author": ( "ICTSTUDIO, André Schenkels, " diff --git a/auth_oidc/static/description/index.html b/auth_oidc/static/description/index.html index 384f6ddcff..6ff3594f3c 100644 --- a/auth_oidc/static/description/index.html +++ b/auth_oidc/static/description/index.html @@ -367,7 +367,7 @@

Authentication OpenID Connect

!! This file is generated by oca-gen-addon-readme !! !! changes will be overwritten. !! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -!! source digest: sha256:0e77943e35a7d7c6fb3b6f9e5753d5870e6023f5614e17f7bc0c32522086c49a +!! source digest: sha256:bdea2939597996bddfbd2c7949c8da2ad701b61203c3fd62c0c640bb5721eaf1 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->

Beta License: AGPL-3 OCA/server-auth Translate me on Weblate Try me on Runboat

This module allows users to login through an OpenID Connect provider using the @@ -409,11 +409,9 @@

Installation

Configuration

Setup for Microsoft Azure

-

Example configuration with OpenID Connect implicit flow. -This configuration is not recommended because it exposes the access token -to the client, and in logs.

+

Example configuration with OpenID Connect authorization code flow.

-
# configure a new web application in Azure with OpenID and implicit flow (see
+
# configure a new web application in Azure with OpenID and code flow (see
the provider documentation)
# in this application the redirect url must be be “<url of your
server>/auth_oauth/signin” and of course this URL should be reachable from @@ -422,16 +420,26 @@

Setup for Microsoft Azure

parameters (see the portal documentation for more information):
+https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/oauth-microsoft_azure-api_permissions.png +https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/oauth-microsoft_azure-optional_claims.png +

Single tenant provider limits the access to user of your tenant, +while Multitenants allow access for all AzureAD users, so user of foreign companies can use their AzureAD login +without an guest account.

    -
  • Provider Name: Azure
  • -
  • Auth Flow: OpenID Connect
  • -
  • Client ID: use the value of the OAuth2 autorization endoing (v2) from the Azure Endpoints list
  • -
  • Body: Azure SSO
  • -
  • Authentication URL: use the value of “OAuth2 autorization endpoint (v2)” from the Azure endpoints list
  • -
  • Scope: openid email
  • -
  • Validation URL: use the value of “OAuth2 token endpoint (v2)” from the Azure endpoints list
  • +
  • Provider Name: Azure AD Single Tenant
  • +
  • Client ID: Application (client) id
  • +
  • Client Secret: Client secret
  • +
  • Allowed: yes
  • +
+

or

+
    +
  • Provider Name: Azure AD Multitenant
  • +
  • Client ID: Application (client) id
  • +
  • Client Secret: Client secret
  • Allowed: yes
  • +
  • replace {tenant_id} in urls with your Azure tenant id
+https://raw.githubusercontent.com/OCA/server-auth/16.0/auth_oidc/..static/description/odoo-azure_ad_multitenant.png
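Review bot: in auth_oidc/README.rst, hunk @@ -51,11 +51,9 @@, the three added `.. image::` URLs contain the segment `auth_oidc/..static/description/`, which is not a valid path, so the Azure screenshots will not render. It looks like a relative `../static/description/` reference that lost its slash when the absolute URL was built. The file header says the README is generated by oca-gen-addon-readme and that changes will be overwritten, so the image reference should be corrected in the source fragment and the README regenerated, not patched here. In the same added paragraph, "access to user of your tenant" and "without an guest account" should read "access to users of your tenant" and "without a guest account".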
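Review bot: in auth_oidc/static/description/index.html, hunk @@ -422,16 +420,26 @@, the bullet "replace {tenant_id} in urls with your Azure tenant id" sits under "Azure AD Multitenant", while the paragraph above says it is the single tenant provider that limits access to your own tenant. Please confirm which provider's URLs carry the {tenant_id} placeholder and move the bullet if it belongs to the single tenant entry, since an administrator who follows the list as written may pick the wrong provider for the access scope they intend. The multitenant sentence would also benefit from saying plainly that this choice admits users from any AzureAD tenant, so the decision is made deliberately. Finally, the hunk removes the Auth Flow, Scope, Authentication URL and Validation URL bullets without saying where those values now come from; one sentence on that would keep the setup steps complete.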