SAML2 Authentication

auth_saml
REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/18.0/auth_saml
VERSION
VERSION 1.1.3
CATEGORY
CATEGORYTools
LICENSE
LICENSEAGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), XCG Consulting
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), XCG Consulting
COMMITTERS
COMMITTERSStefan Rijnhart, Weblate, OCA-git-bot, oca-ci, Cyril Dutrieux (cydu), John Wilson, Vincent Hatakeyama, bt-dlagin
WEBSITE
WEBSITEhttps://github.com/OCA/server-auth
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 19:30:10
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - base_setup
    - base
    - web
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES pysaml2
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES xmlsec1
DESCRIPTION
DESCRIPTION
Let users log into Odoo via an SAML2 identity provider.

This module allows to deport the management of users and passwords in an
external authentication system to provide SSO functionality (Single Sign
On) between Odoo and other applications of your ecosystem.

**Benefits**:

- Reducing the time spent typing different passwords for different
  accounts.
- Reducing the time spent in IT support for password oversights.
- Centralizing authentication systems.
- Securing all input levels / exit / access to multiple systems without
  prompting users.
- The centralization of access control information for compliance
  testing to different standards.

Code Analysis

Views touched (7)
XML IDNameModelTypeStatus
auth_saml.login Samlv2 Login buttons ir.ui.view qweb Inherits web.login
auth_saml.providers Auth SAML Providers ir.ui.view qweb New
auth_saml_base_settings_form auth_saml_base_settings_form res.config.settings xpath Inherits base.res_config_settings_view_form
auth_saml_provider_view_search auth.saml.provider.search auth.saml.provider search New
view_saml_provider_form auth.saml.provider.form auth.saml.provider form New
view_saml_provider_list auth.saml.provider.list auth.saml.provider list New
view_users_form res.users.form res.users xpath Inherits base.view_users_form
Models touched (7)

New fields (3)
  • attribute_name Char
    required=True string='IDP Response Attribute'
  • field_name Selection
    required=True selection='_field_name_selection' string='Odoo Field'
  • provider_id Many2one → auth.saml.provider
    index=True required=True args: 'auth.saml.provider'
Public methods (0)

No public methods.

New fields (26)
  • active Boolean
    default=True
  • attribute_mapping_ids One2many → auth.saml.attribute.mapping
    string='Attribute Mapping' args: 'auth.saml.attribute.mapping', 'provider_id'
  • authn_requests_signed Boolean
    default=True help='Indicates if the Authentication Requests sent by this SP should be signed by default.'
  • autoredirect Boolean
    default=False help='Only the provider with the higher priority will be automatically redirected' args: 'Automatic Redirection'
  • body Char
    help='Link text in Login Dialog' string='Login button label' translate=True
  • css_class Char
    default='fa fa-fw fa-sign-in text-primary' help='Add a CSS class that serves you to style the login button.' string='Button Icon CSS class'
  • entity_id Char
    default='odoo' help='EntityID passed to IDP, used to identify the Odoo' required=True args: 'Entity ID'
  • idp_metadata Text
    help='Configuration for this Identity Provider. Supplied by the provider, in XML format.' required=True string='Identity Provider Metadata'
  • idp_metadata_url Char
    help='Some SAML providers, notably Office365 can have a metadata document which changes over time, and they provide a URL to the document instead. When this field is set, the metadata can be fetched from the provided URL.' string='Identity Provider Metadata URL'
  • logout_requests_signed Boolean
    default=True help='Indicates if this entity will sign the Logout Requests originated from it.'
  • matching_attribute Char
    default='subject.nameId' help='Attribute to look for in the returned IDP response to match against an Odoo user.' required=True string='Identity Provider matching attribute'
  • matching_attribute_to_lower Boolean
    help='Force matching_attribute to lower case before passing back to Odoo.' string='Lowercase IDP Matching Attribute'
  • name Char
    index='trigram' required=True args: 'Provider Name'
  • sequence Integer
    index=True
  • sig_alg Selection
    required=True selection=<expr> string='Signature Algorithm'
  • sign_authenticate_requests Boolean
    default=True help='Whether the request should be signed or not'
  • sign_metadata Boolean
    default=True help='Whether metadata should be signed or not'
  • sp_baseurl Text
    help='Base URL sent to Odoo with this, rather than automatically\n detecting from request or system parameter web.base.url' string='Override Base URL'
  • sp_metadata_url Char
    compute='_compute_sp_metadata_url' readonly=True string='Metadata URL'
  • sp_pem_private Binary
    attachment=True required=True string='Odoo Private Key'
  • sp_pem_private_filename Char
    args: 'Odoo Private Key File Name'
  • sp_pem_public Binary
    attachment=True required=True string='Odoo Public Certificate'
  • sp_pem_public_filename Char
    args: 'Odoo Public Certificate File Name'
  • want_assertions_or_response_signed Boolean
    default=True help='Indicates that either the Authentication Response or the assertions contained within the response to this SP must be signed.'
  • want_assertions_signed Boolean
    default=True help='Indicates if this SP wants the IdP to send the assertions signed.'
  • want_response_signed Boolean
    default=True help='Indicates that Authentication Responses to this SP must be signed.'
Public methods (1)
  • action_refresh_metadata_from_url(self)

New fields (2)
  • saml_provider_id Many2one → auth.saml.provider
    required=True string='SAML Provider that issued the token' args: 'auth.saml.provider'
  • saml_request_id Char
    required=True args: 'Current Request ID'
Public methods (0)

No public methods.

New fields (0)

No new fields.

Public methods (3)
  • create(self, vals_list)
    @api.model_create_multi
    Redefined to update users when our parameter is changed.
  • unlink(self)
    Redefined to update users when our parameter is deleted.
  • write(self, vals)
    Redefined to update users when our parameter is changed.

New fields (1)
  • allow_saml_uid_and_internal_password Boolean
    config_parameter=ALLOW_SAML_UID_AND_PASSWORD args: 'Allow SAML users to possess an Odoo password (warning: decreases security)'
Public methods (0)

No public methods.

New fields (1)
  • saml_ids One2many → res.users.saml
    args: 'res.users.saml', 'user_id'
Public methods (3)
  • allow_saml_and_password(self) -> bool
    @api.model
    Can both SAML and local password auth methods coexist.
  • allow_saml_and_password_changed(self)
    Called after the parameter is changed.
  • auth_saml(self, provider: int, saml_response: str, base_url: str=None)
    @api.model

New fields (4)
  • saml_access_token Char
    help='The current SAML token in use' required=False args: 'Current SAML token for this user'
  • saml_provider_id Many2one → auth.saml.provider
    index=True string='SAML Provider' args: 'auth.saml.provider'
  • saml_uid Char
    help='SAML Provider user_id' required=True args: 'SAML User ID'
  • user_id Many2one → res.users
    index=True required=True args: 'res.users'
Public methods (1)
  • create(self, vals_list)
    @api.model_create_multi
    Creates new records for the res.users.saml model
REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/17.0/auth_saml
VERSION
VERSION 1.1.0
CATEGORY
CATEGORYTools
LICENSE
LICENSEAGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), XCG SAS
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), XCG SAS
COMMITTERS
COMMITTERSWeblate, OCA-git-bot, oca-ci, Vincent Hatakeyama, andrea
WEBSITE
WEBSITEhttps://github.com/OCA/server-auth
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 19:20:04
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - base_setup
    - base
    - web
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES pysaml2
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES xmlsec1
DESCRIPTION
DESCRIPTION
Let users log into Odoo via an SAML2 identity provider.

This module allows to deport the management of users and passwords in an
external authentication system to provide SSO functionality (Single Sign
On) between Odoo and other applications of your ecosystem.

**Benefits**:

- Reducing the time spent typing different passwords for different
  accounts.
- Reducing the time spent in IT support for password oversights.
- Centralizing authentication systems.
- Securing all input levels / exit / access to multiple systems without
  prompting users.
- The centralization of access control information for compliance
  testing to different standards.

Code Analysis

Views touched (7)
XML IDNameModelTypeStatus
auth_saml.login Samlv2 Login buttons ir.ui.view qweb Inherits web.login
auth_saml.providers Auth SAML Providers ir.ui.view qweb New
auth_saml_base_settings_form auth_saml_base_settings_form res.config.settings xpath Inherits base.res_config_settings_view_form
auth_saml_provider_view_search auth.saml.provider.search auth.saml.provider search New
view_saml_provider_form auth.saml.provider.form auth.saml.provider form New
view_saml_provider_list auth.saml.provider.list auth.saml.provider tree New
view_users_form res.users.form res.users xpath Inherits base.view_users_form
Models touched (7)

New fields (3)
  • attribute_name Char
    required=True string='IDP Response Attribute'
  • field_name Selection
    required=True selection='_field_name_selection' string='Odoo Field'
  • provider_id Many2one → auth.saml.provider
    index=True ondelete='cascade' required=True args: 'auth.saml.provider'
Public methods (0)

No public methods.

New fields (28)
  • active Boolean
    default=True
  • attribute_mapping_ids One2many → auth.saml.attribute.mapping
    copy=True string='Attribute Mapping' args: 'auth.saml.attribute.mapping', 'provider_id'
  • authn_requests_signed Boolean
    default=True help='Indicates if the Authentication Requests sent by this SP should be signed by default.'
  • autoredirect Boolean
    default=False help='Only the provider with the higher priority will be automatically redirected' args: 'Automatic Redirection'
  • body Char
    help='Link text in Login Dialog' string='Login button label' translate=True
  • create_user Boolean
    default=False help='Create user if not found. The login and name will defaults to the SAML user matching attribute. Use the mapping attributes to change the value used. If a deactivated user has a matching saml uid, activate it rather thancreate a new one.'
  • create_user_reactivate Boolean
    default=False help='If a deactivated user has a matching SAML uid when trying to create the user, and this is checked, then the user is reactivated. Otherwise,access is denied.' args: 'Reactivate when Creating Users'
  • create_user_template_id Many2one → res.users
    comodel_name='res.users' default=<expr> domain="[('active', 'in', (True, False))]" help='When creating user, this user is used as a template'
  • css_class Char
    default='fa fa-fw fa-sign-in text-primary' help='Add a CSS class that serves you to style the login button.' string='Button Icon CSS class'
  • entity_id Char
    default='odoo' help='EntityID passed to IDP, used to identify the Odoo' required=True args: 'Entity ID'
  • idp_metadata Text
    help='Configuration for this Identity Provider. Supplied by the provider, in XML format.' required=True string='Identity Provider Metadata'
  • logout_requests_signed Boolean
    default=True help='Indicates if this entity will sign the Logout Requests originated from it.'
  • matching_attribute Char
    default='subject.nameId' help='Attribute to look for in the returned IDP response to match against an Odoo user.' required=True string='Identity Provider matching attribute'
  • matching_attribute_to_lower Boolean
    help='Force matching_attribute to lower case before passing back to Odoo.' string='Lowercase IDP Matching Attribute'
  • name Char
    index='trigram' required=True args: 'Provider Name'
  • sequence Integer
    index=True
  • sig_alg Selection
    required=True selection=<expr> string='Signature Algorithm'
  • sign_authenticate_requests Boolean
    default=True help='Whether the request should be signed or not'
  • sign_metadata Boolean
    default=True help='Whether metadata should be signed or not'
  • sp_baseurl Text
    help='Base URL sent to Odoo with this, rather than automatically\n detecting from request or system parameter web.base.url' string='Override Base URL'
  • sp_metadata_url Char
    compute='_compute_sp_metadata_url' readonly=True string='Metadata URL'
  • sp_pem_private Binary
    attachment=True required=True string='Odoo Private Key'
  • sp_pem_private_filename Char
    args: 'Odoo Private Key File Name'
  • sp_pem_public Binary
    attachment=True required=True string='Odoo Public Certificate'
  • sp_pem_public_filename Char
    args: 'Odoo Public Certificate File Name'
  • want_assertions_or_response_signed Boolean
    default=True help='Indicates that either the Authentication Response or the assertions contained within the response to this SP must be signed.'
  • want_assertions_signed Boolean
    default=True help='Indicates if this SP wants the IdP to send the assertions signed.'
  • want_response_signed Boolean
    default=True help='Indicates that Authentication Responses to this SP must be signed.'
Public methods (0)

No public methods.

New fields (2)
  • saml_provider_id Many2one → auth.saml.provider
    required=True string='SAML Provider that issued the token' args: 'auth.saml.provider'
  • saml_request_id Char
    required=True args: 'Current Request ID'
Public methods (0)

No public methods.

New fields (0)

No new fields.

Public methods (3)
  • create(self, vals_list)
    @api.model_create_multi
    Redefined to update users when our parameter is changed.
  • unlink(self)
    Redefined to update users when our parameter is deleted.
  • write(self, vals)
    Redefined to update users when our parameter is changed.

New fields (1)
  • allow_saml_uid_and_internal_password Boolean
    config_parameter=ALLOW_SAML_UID_AND_PASSWORD args: 'Allow SAML users to possess an Odoo password (warning: decreases security)'
Public methods (0)

No public methods.

New fields (1)
  • saml_ids One2many → res.users.saml
    args: 'res.users.saml', 'user_id'
Public methods (3)
  • allow_saml_and_password(self) -> bool
    @api.model
    Can both SAML and local password auth methods coexist.
  • allow_saml_and_password_changed(self)
    Called after the parameter is changed.
  • auth_saml(self, provider: int, saml_response: str, base_url: str=None)
    @api.model

New fields (4)
  • saml_access_token Char
    help='The current SAML token in use' required=False args: 'Current SAML token for this user'
  • saml_provider_id Many2one → auth.saml.provider
    index=True string='SAML Provider' args: 'auth.saml.provider'
  • saml_uid Char
    help='SAML Provider user_id' required=True args: 'SAML User ID'
  • user_id Many2one → res.users
    index=True ondelete='cascade' required=True args: 'res.users'
Public methods (1)
  • create(self, vals_list)
    @api.model_create_multi
    Creates new records for the res.users.saml model
REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/16.0/auth_saml
VERSION
VERSION 1.2.1
CATEGORY
CATEGORYTools
LICENSE
LICENSEAGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), XCG Consulting
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), XCG Consulting
COMMITTERS
COMMITTERSStéphane Bidoul, Yannick Vaucher, Alexandre Fayolle, eLBati, Maxime Chambreuil, Pedro M. Baeza, Jairo Llopis, OCA Transbot, Denis Leemann, Moises Lopez - https://www.vauxoo.com/, oca-travis, Weblate, OCA-git-bot, Simone Orsi, oca-ci, eilst, Karl Southern, Cyril Dutrieux (cydu), Vincent Hatakeyama, Camille Morand, Jesus Ventosinos, Torvald Baade Bringsvor
WEBSITE
WEBSITEhttps://github.com/OCA/server-auth
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 00:53:43
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - base_setup
    - base
    - web
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES pysaml2
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES xmlsec1
DESCRIPTION
DESCRIPTION

Code Analysis

Views touched (7)
XML IDNameModelTypeStatus
auth_saml.login Samlv2 Login buttons ir.ui.view qweb Inherits web.login
auth_saml.providers Auth SAML Providers ir.ui.view qweb New
auth_saml_base_settings_form auth_saml_base_settings_form res.config.settings xpath Inherits base.res_config_settings_view_form
auth_saml_provider_view_search auth.saml.provider.search auth.saml.provider search New
view_saml_provider_form auth.saml.provider.form auth.saml.provider form New
view_saml_provider_list auth.saml.provider.list auth.saml.provider tree New
view_users_form res.users.form res.users xpath Inherits base.view_users_form
Models touched (7)

New fields (3)
  • attribute_name Char
    required=True string='IDP Response Attribute'
  • field_name Selection
    required=True selection='_field_name_selection' string='Odoo Field'
  • provider_id Many2one → auth.saml.provider
    index=True required=True args: 'auth.saml.provider'
Public methods (0)

No public methods.

New fields (26)
  • active Boolean
    default=True
  • attribute_mapping_ids One2many → auth.saml.attribute.mapping
    string='Attribute Mapping' args: 'auth.saml.attribute.mapping', 'provider_id'
  • authn_requests_signed Boolean
    default=True help='Indicates if the Authentication Requests sent by this SP should be signed by default.'
  • autoredirect Boolean
    default=False help='Only the provider with the higher priority will be automatically redirected' args: 'Automatic Redirection'
  • body Char
    help='Link text in Login Dialog' string='Login button label' translate=True
  • css_class Char
    default='fa fa-fw fa-sign-in text-primary' help='Add a CSS class that serves you to style the login button.' string='Button Icon CSS class'
  • entity_id Char
    default='odoo' help='EntityID passed to IDP, used to identify the Odoo' required=True args: 'Entity ID'
  • idp_metadata Text
    help='Configuration for this Identity Provider. Supplied by the provider, in XML format.' required=True string='Identity Provider Metadata'
  • idp_metadata_url Char
    help='Some SAML providers, notably Office365 can have a metadata document which changes over time, and they provide a URL to the document instead. When this field is set, the metadata can be fetched from the provided URL.' string='Identity Provider Metadata URL'
  • logout_requests_signed Boolean
    default=True help='Indicates if this entity will sign the Logout Requests originated from it.'
  • matching_attribute Char
    default='subject.nameId' help='Attribute to look for in the returned IDP response to match against an Odoo user.' required=True string='Identity Provider matching attribute'
  • matching_attribute_to_lower Boolean
    help='Force matching_attribute to lower case before passing back to Odoo.' string='Lowercase IDP Matching Attribute'
  • name Char
    index='trigram' required=True args: 'Provider Name'
  • sequence Integer
    index=True
  • sig_alg Selection
    required=True selection=<expr> string='Signature Algorithm'
  • sign_authenticate_requests Boolean
    default=True help='Whether the request should be signed or not'
  • sign_metadata Boolean
    default=True help='Whether metadata should be signed or not'
  • sp_baseurl Text
    help='Base URL sent to Odoo with this, rather than automatically\n detecting from request or system parameter web.base.url' string='Override Base URL'
  • sp_metadata_url Char
    compute='_compute_sp_metadata_url' readonly=True string='Metadata URL'
  • sp_pem_private Binary
    attachment=True required=True string='Odoo Private Key'
  • sp_pem_private_filename Char
    args: 'Odoo Private Key File Name'
  • sp_pem_public Binary
    attachment=True required=True string='Odoo Public Certificate'
  • sp_pem_public_filename Char
    args: 'Odoo Public Certificate File Name'
  • want_assertions_or_response_signed Boolean
    default=True help='Indicates that either the Authentication Response or the assertions contained within the response to this SP must be signed.'
  • want_assertions_signed Boolean
    default=True help='Indicates if this SP wants the IdP to send the assertions signed.'
  • want_response_signed Boolean
    default=True help='Indicates that Authentication Responses to this SP must be signed.'
Public methods (1)
  • action_refresh_metadata_from_url(self)

New fields (2)
  • saml_provider_id Many2one → auth.saml.provider
    required=True string='SAML Provider that issued the token' args: 'auth.saml.provider'
  • saml_request_id Char
    required=True args: 'Current Request ID'
Public methods (0)

No public methods.

New fields (0)

No new fields.

Public methods (3)
  • create(self, vals_list)
    @api.model_create_multi
    Redefined to update users when our parameter is changed.
  • unlink(self)
    Redefined to update users when our parameter is deleted.
  • write(self, vals)
    Redefined to update users when our parameter is changed.

New fields (1)
  • allow_saml_uid_and_internal_password Boolean
    config_parameter=ALLOW_SAML_UID_AND_PASSWORD args: 'Allow SAML users to possess an Odoo password (warning: decreases security)'
Public methods (0)

No public methods.

New fields (1)
  • saml_ids One2many → res.users.saml
    args: 'res.users.saml', 'user_id'
Public methods (3)
  • allow_saml_and_password(self) -> bool
    @api.model
    Can both SAML and local password auth methods coexist.
  • allow_saml_and_password_changed(self)
    Called after the parameter is changed.
  • auth_saml(self, provider: int, saml_response: str, base_url: str=None)
    @api.model

New fields (4)
  • saml_access_token Char
    help='The current SAML token in use' required=False args: 'Current SAML token for this user'
  • saml_provider_id Many2one → auth.saml.provider
    index=True string='SAML Provider' args: 'auth.saml.provider'
  • saml_uid Char
    help='SAML Provider user_id' required=True args: 'SAML User ID'
  • user_id Many2one → res.users
    index=True required=True args: 'res.users'
Public methods (1)
  • create(self, vals_list)
    @api.model_create_multi
    Creates new records for the res.users.saml model
REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/15.0/auth_saml
VERSION
VERSION 1.4.6
CATEGORY
CATEGORYTools
LICENSE
LICENSEAGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), XCG Consulting
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), XCG Consulting
COMMITTERS
COMMITTERSStéphane Bidoul, Alexandre Fayolle, OCA Transbot, Denis Leemann, Weblate, OCA-git-bot, oca-ci, Vincent Hatakeyama, Camille Morand, florian
WEBSITE
WEBSITEhttps://github.com/OCA/server-auth
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 00:46:32
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - base_setup
    - base
    - web
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES pysaml2
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES xmlsec1
DESCRIPTION
DESCRIPTION

Code Analysis

Views touched (7)
XML IDNameModelTypeStatus
auth_saml.login Samlv2 Login buttons ir.ui.view qweb Inherits web.login
auth_saml.providers Auth SAML Providers ir.ui.view qweb New
auth_saml_base_settings_form auth_saml_base_settings_form res.config.settings xpath Inherits base.res_config_settings_view_form
auth_saml_provider_view_search auth.saml.provider.search auth.saml.provider search New
view_saml_provider_form auth.saml.provider.form auth.saml.provider form New
view_saml_provider_list auth.saml.provider.list auth.saml.provider tree New
view_users_form res.users.form res.users xpath Inherits base.view_users_form
Models touched (7)

New fields (3)
  • attribute_name Char
    required=True string='IDP Response Attribute'
  • field_name Selection
    required=True selection='_field_name_selection' string='Odoo Field'
  • provider_id Many2one → auth.saml.provider
    index=True required=True args: 'auth.saml.provider'
Public methods (0)

No public methods.

New fields (26)
  • active Boolean
    default=True
  • attribute_mapping_ids One2many → auth.saml.attribute.mapping
    string='Attribute Mapping' args: 'auth.saml.attribute.mapping', 'provider_id'
  • authn_requests_signed Boolean
    default=True help='Indicates if the Authentication Requests sent by this SP should be signed by default.'
  • autoredirect Boolean
    default=False help='Only the provider with the higher priority will be automatically redirected' args: 'Automatic Redirection'
  • body Char
    help='Link text in Login Dialog' string='Login button label' translate=True
  • css_class Char
    default='fa fa-fw fa-sign-in text-primary' help='Add a CSS class that serves you to style the login button.' string='Button Icon CSS class'
  • entity_id Char
    default='odoo' help='EntityID passed to IDP, used to identify the Odoo' required=True args: 'Entity ID'
  • idp_metadata Text
    help='Configuration for this Identity Provider. Supplied by the provider, in XML format.' required=True string='Identity Provider Metadata'
  • idp_metadata_url Char
    help='Some SAML providers, notably Office365 can have a metadata document which changes over time, and they provide a URL to the document instead. When this field is set, the metadata can be fetched from the provided URL.' string='Identity Provider Metadata URL'
  • logout_requests_signed Boolean
    default=True help='Indicates if this entity will sign the Logout Requests originated from it.'
  • matching_attribute Char
    default='subject.nameId' help='Attribute to look for in the returned IDP response to match against an Odoo user.' required=True string='Identity Provider matching attribute'
  • matching_attribute_to_lower Boolean
    help='Force matching_attribute to lower case before passing back to Odoo.' string='Lowercase IDP Matching Attribute'
  • name Char
    index=True required=True args: 'Provider Name'
  • sequence Integer
    index=True
  • sig_alg Selection
    required=True selection=<expr> string='Signature Algorithm'
  • sign_authenticate_requests Boolean
    default=True help='Whether the request should be signed or not'
  • sign_metadata Boolean
    default=True help='Whether metadata should be signed or not'
  • sp_baseurl Text
    help='Base URL sent to Odoo with this, rather than automatically\n detecting from request or system parameter web.base.url' string='Override Base URL'
  • sp_metadata_url Char
    compute='_compute_sp_metadata_url' readonly=True string='Metadata URL'
  • sp_pem_private Binary
    attachment=True required=True string='Odoo Private Key'
  • sp_pem_private_filename Char
    args: 'Odoo Private Key File Name'
  • sp_pem_public Binary
    attachment=True required=True string='Odoo Public Certificate'
  • sp_pem_public_filename Char
    args: 'Odoo Public Certificate File Name'
  • want_assertions_or_response_signed Boolean
    default=True help='Indicates that either the Authentication Response or the assertions contained within the response to this SP must be signed.'
  • want_assertions_signed Boolean
    default=True help='Indicates if this SP wants the IdP to send the assertions signed.'
  • want_response_signed Boolean
    default=True help='Indicates that Authentication Responses to this SP must be signed.'
Public methods (1)
  • action_refresh_metadata_from_url(self)

New fields (2)
  • saml_provider_id Many2one → auth.saml.provider
    required=True string='SAML Provider that issued the token' args: 'auth.saml.provider'
  • saml_request_id Char
    required=True args: 'Current Request ID'
Public methods (0)

No public methods.

New fields (0)

No new fields.

Public methods (3)
  • create(self, vals_list)
    @api.model_create_multi
    Redefined to update users when our parameter is changed.
  • unlink(self)
    Redefined to update users when our parameter is deleted.
  • write(self, vals)
    Redefined to update users when our parameter is changed.

New fields (1)
  • allow_saml_uid_and_internal_password Boolean
    config_parameter=ALLOW_SAML_UID_AND_PASSWORD args: 'Allow SAML users to possess an Odoo password (warning: decreases security)'
Public methods (0)

No public methods.

New fields (1)
  • saml_ids One2many → res.users.saml
    args: 'res.users.saml', 'user_id'
Public methods (3)
  • allow_saml_and_password(self) -> bool
    @api.model
    Can both SAML and local password auth methods coexist.
  • allow_saml_and_password_changed(self)
    Called after the parameter is changed.
  • auth_saml(self, provider: int, saml_response: str, base_url: str=None)
    @api.model

New fields (4)
  • saml_access_token Char
    help='The current SAML token in use' required=False args: 'Current SAML token for this user'
  • saml_provider_id Many2one → auth.saml.provider
    index=True string='SAML Provider' args: 'auth.saml.provider'
  • saml_uid Char
    help='SAML Provider user_id' required=True args: 'SAML User ID'
  • user_id Many2one → res.users
    index=True required=True args: 'res.users'
Public methods (1)
  • create(self, vals_list)
    @api.model_create_multi
    Creates new records for the res.users.saml model
REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/14.0/auth_saml
VERSION
VERSION 1.2.2
CATEGORY
CATEGORYTools
LICENSE
LICENSEAGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), XCG Consulting
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), XCG Consulting
COMMITTERS
COMMITTERSAlexandre Fayolle, OCA Transbot, vrenaville, Denis Leemann, oca-travis, Weblate, OCA-git-bot, Simone Orsi, oca-ci, Karl Southern, Ricardoalso, Vincent Hatakeyama, oca-git-bot
WEBSITE
WEBSITEhttps://github.com/OCA/server-auth
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 00:40:55
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - base_setup
    - base
    - web
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES pysaml2
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES xmlsec1
DESCRIPTION
DESCRIPTION

Code Analysis

Views touched (7)
XML IDNameModelTypeStatus
auth_saml.login Samlv2 Login buttons ir.ui.view qweb Inherits web.login
auth_saml.providers Auth SAML Providers ir.ui.view qweb New
auth_saml_base_settings_form auth_saml_base_settings_form res.config.settings xpath Inherits base.res_config_settings_view_form
auth_saml_provider_view_search auth.saml.provider.search auth.saml.provider search New
view_saml_provider_form auth.saml.provider.form auth.saml.provider form New
view_saml_provider_list auth.saml.provider.list auth.saml.provider tree New
view_users_form res.users.form res.users xpath Inherits base.view_users_form
Models touched (7)

New fields (3)
  • attribute_name Char
    required=True string='IDP Response Attribute'
  • field_name Selection
    required=True selection='_field_name_selection' string='Odoo Field'
  • provider_id Many2one → auth.saml.provider
    index=True required=True args: 'auth.saml.provider'
Public methods (0)

No public methods.

New fields (26)
  • active Boolean
    default=True
  • attribute_mapping_ids One2many → auth.saml.attribute.mapping
    string='Attribute Mapping' args: 'auth.saml.attribute.mapping', 'provider_id'
  • authn_requests_signed Boolean
    default=True help='Indicates if the Authentication Requests sent by this SP should be signed by default.'
  • autoredirect Boolean
    default=False help='Only the provider with the higher priority will be automatically redirected' args: 'Automatic Redirection'
  • body Char
    string='Button Description'
  • css_class Char
    help='Add a CSS class that serves you to style the login button.' string='Button Icon CSS class'
  • entity_id Char
    default='odoo' help='EntityID passed to IDP, used to identify the Odoo' required=True args: 'Entity ID'
  • idp_metadata Text
    help='Configuration for this Identity Provider. Supplied by the provider, in XML format.' required=True string='Identity Provider Metadata'
  • idp_metadata_url Char
    help='Some SAML providers, notably Office365 can have a metadata document which changes over time, and they provide a URL to the document instead. When this field is set, the metadata can be fetched from the provided URL.' string='Identity Provider Metadata URL'
  • logout_requests_signed Boolean
    default=True help='Indicates if this entity will sign the Logout Requests originated from it.'
  • matching_attribute Char
    default='subject.nameId' help='Attribute to look for in the returned IDP response to match against an Odoo user.' required=True string='Identity Provider matching attribute'
  • matching_attribute_to_lower Boolean
    help='Force matching_attribute to lower case before passing back to Odoo.' string='Lowercase IDP Matching Attribute'
  • name Char
    index=True required=True args: 'Provider Name'
  • sequence Integer
    index=True
  • sig_alg Selection
    required=True selection=<expr> string='Signature Algorithm'
  • sign_authenticate_requests Boolean
    default=True help='Whether the request should be signed or not'
  • sign_metadata Boolean
    default=True help='Whether metadata should be signed or not'
  • sp_baseurl Text
    help='Base URL sent to Odoo with this, rather than automatically\n detecting from request or system parameter web.base.url' string='Override Base URL'
  • sp_metadata_url Char
    compute='_compute_sp_metadata_url' readonly=True string='Metadata URL'
  • sp_pem_private Binary
    attachment=True required=True string='Odoo Private Key'
  • sp_pem_private_filename Char
    args: 'Odoo Private Key File Name'
  • sp_pem_public Binary
    attachment=True required=True string='Odoo Public Certificate'
  • sp_pem_public_filename Char
    args: 'Odoo Public Certificate File Name'
  • want_assertions_or_response_signed Boolean
    default=True help='Indicates that either the Authentication Response or the assertions contained within the response to this SP must be signed.'
  • want_assertions_signed Boolean
    default=True help='Indicates if this SP wants the IdP to send the assertions signed.'
  • want_response_signed Boolean
    default=True help='Indicates that Authentication Responses to this SP must be signed.'
Public methods (1)
  • action_refresh_metadata_from_url(self)

New fields (2)
  • saml_provider_id Many2one → auth.saml.provider
    required=True string='SAML Provider that issued the token' args: 'auth.saml.provider'
  • saml_request_id Char
    required=True args: 'Current Request ID'
Public methods (0)

No public methods.

New fields (0)

No new fields.

Public methods (3)
  • create(self, vals_list)
    @api.model_create_multi
    Redefined to update users when our parameter is changed.
  • unlink(self)
    Redefined to update users when our parameter is deleted.
  • write(self, vals)
    Redefined to update users when our parameter is changed.

New fields (1)
  • allow_saml_uid_and_internal_password Boolean
    config_parameter=ALLOW_SAML_UID_AND_PASSWORD args: 'Allow SAML users to possess an Odoo password (warning: decreases security)'
Public methods (0)

No public methods.

New fields (1)
  • saml_ids One2many → res.users.saml
    args: 'res.users.saml', 'user_id'
Public methods (3)
  • allow_saml_and_password(self) -> bool
    @api.model
    Can both SAML and local password auth methods coexist.
  • allow_saml_and_password_changed(self)
    Called after the parameter is changed.
  • auth_saml(self, provider: int, saml_response: str, base_url: str=None)
    @api.model

New fields (4)
  • saml_access_token Char
    help='The current SAML token in use' required=False args: 'Current SAML token for this user'
  • saml_provider_id Many2one → auth.saml.provider
    index=True string='SAML Provider' args: 'auth.saml.provider'
  • saml_uid Char
    help='SAML Provider user_id' required=True args: 'SAML User ID'
  • user_id Many2one → res.users
    index=True required=True args: 'res.users'
Public methods (1)
  • create(self, vals_list)
    @api.model_create_multi
    Creates new records for the res.users.saml model
REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/13.0/auth_saml
VERSION
VERSION 1.0.2
CATEGORY
CATEGORYTools
LICENSE
LICENSEAGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), XCG Consulting
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), XCG Consulting
COMMITTERS
COMMITTERSDenis Roussel, oca-travis, Weblate, OCA-git-bot, Karl Southern, Vincent Hatakeyama
WEBSITE
WEBSITEhttps://github.com/OCA/server-auth
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 00:34:11
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - base_setup
    - base
    - web
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES pysaml2
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION

Code Analysis

Views touched (6)
XML IDNameModelTypeStatus
auth_saml.login Samlv2 Login buttons ir.ui.view qweb Inherits web.login
auth_saml.providers Auth SAML Providers ir.ui.view qweb New
auth_saml_base_settings_form auth_saml_base_settings_form res.config.settings xpath Inherits base.res_config_settings_view_form
view_saml_provider_form auth.saml.provider.form auth.saml.provider form New
view_saml_provider_list auth.saml.provider.list auth.saml.provider tree New
view_users_form res.users.form res.users xpath Inherits base.view_users_form
Models touched (7)

New fields (3)
  • attribute_name Char
    required=True string='IDP Response Attribute'
  • field_name Selection
    required=True selection='_field_name_selection' string='Odoo Field'
  • provider_id Many2one → auth.saml.provider
    index=True required=True args: 'auth.saml.provider'
Public methods (0)

No public methods.

New fields (16)
  • active Boolean
    default=True
  • attribute_mapping_ids One2many → auth.saml.attribute.mapping
    string='Attribute Mapping' args: 'auth.saml.attribute.mapping', 'provider_id'
  • body Char
    string='Button Description'
  • css_class Char
    help='Add a CSS class that serves you to style the login button.' string='Button Icon CSS class'
  • entity_id Char
    default='odoo' help='EntityID passed to IDP, used to identify the Odoo' required=True args: 'Entity ID'
  • idp_metadata Text
    help='Configuration for this Identity Provider. Supplied by the provider, in XML format.' string='Identity Provider Metadata'
  • matching_attribute Char
    default='subject.nameId' help='Attribute to look for in the returned IDP response to match against an Odoo user.' required=True string='Identity Provider matching attribute'
  • matching_attribute_to_lower Boolean
    help='Force matching_attribute to lower case before passing back to\n Odoo.' string='Lowercase IDP Matching Attribute'
  • name Char
    index=True required=True args: 'Provider name'
  • sequence Integer
    index=True
  • sig_alg Selection
    required=True selection=<expr> string='Signature Algorithm'
  • sign Boolean
    default=True help='Whether requests should be signed or not'
  • sp_baseurl Text
    help='Base Url sent to Odoo with this, rather than automatically\n detecting from request or system parameter web.base.url\n ' string='Override Base Url'
  • sp_metadata_url Char
    compute='_compute_sp_metadata_url' readonly=True string='Metadata URL'
  • sp_pem_private Binary
    attachment=True string='Odoo Private Key'
  • sp_pem_public Binary
    attachment=True string='Odoo Certificate'
Public methods (0)

No public methods.

New fields (2)
  • saml_provider_id Many2one → auth.saml.provider
    required=True string='SAML Provider that issued the token' args: 'auth.saml.provider'
  • saml_request_id Char
    required=True args: 'Current Request ID'
Public methods (0)

No public methods.

New fields (3)
  • saml_access_token Char
    help='The current SAML token in use' required=False args: 'Current SAML token for this user'
  • saml_provider_id Many2one → auth.saml.provider
    required=True string='SAML Provider that issued the token' args: 'auth.saml.provider'
  • user_id Many2one → res.users
    index=True ondelete='cascade' required=True string='User' args: 'res.users'
Public methods (0)

No public methods.

New fields (1)
  • allow_saml_uid_and_internal_password Boolean
    config_parameter='auth_saml.allow_saml_uid_and_internal_password' args: 'Allow SAML users to posess an Odoo password (warning: decreases security)'
Public methods (0)

No public methods.

New fields (1)
  • saml_ids One2many → res.users.saml
    args: 'res.users.saml', 'user_id'
Public methods (4)
  • auth_saml(self, provider, saml_response, base_url=None)
    @api.model
  • check_no_password_with_saml(self)
    @api.constrains('password', 'saml_ids')
    Ensure no Odoo user posesses both an SAML user ID and an Odoo password. Except admin which is not constrained by this rule.
  • create(self, vals_list)
    @api.model_create_multi
  • write(self, vals)

New fields (3)
  • saml_provider_id Many2one → auth.saml.provider
    index=True string='SAML Provider' args: 'auth.saml.provider'
  • saml_uid Char
    help='SAML Provider user_id' required=True args: 'SAML User ID'
  • user_id Many2one → res.users
    index=True required=True args: 'res.users'
Public methods (0)

No public methods.

REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/12.0/auth_saml
VERSION
VERSION 1.0.1
CATEGORY
CATEGORYTools
LICENSE
LICENSEAGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), XCG Consulting
MAINTAINERS
MAINTAINERSOdoo Community Association (OCA), XCG Consulting
COMMITTERS
COMMITTERSeLBati, Jairo Llopis, OCA Transbot, oca-travis, OCA-git-bot
WEBSITE
WEBSITEhttps://github.com/OCA/server-auth
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 00:29:15
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - base_setup
    - base
    - web
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES lasso
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION

Code Analysis

Views touched (6)
XML IDNameModelTypeStatus
auth_saml.login Samlv2 Login buttons ir.ui.view qweb Inherits web.login
auth_saml.providers Auth SAML Providers ir.ui.view qweb New
auth_saml_base_settings_form auth_saml_base_settings_form res.config.settings xpath Inherits base_setup.res_config_settings_view_form
view_saml_provider_form auth.saml.provider.form auth.saml.provider form New
view_saml_provider_list auth.saml.provider.list auth.saml.provider tree New
view_users_form res.users.form res.users xpath Inherits base.view_users_form
Models touched (4)

New fields (9)
  • active Boolean
    default=True
  • body Char
  • css_class Char
    help='Add a CSS class that serves you to style the login button.' string='CSS class'
  • idp_metadata Text
    help='Configuration for this Identity Provider' string='IDP Configuration'
  • matching_attribute Char
    default='subject.nameId' required=True
  • name Char
    index=True required=True args: 'Provider name'
  • sequence Integer
    index=True
  • sp_metadata Text
    help='Configuration for the Service Provider (this Odoo instance)' string='SP Configuration'
  • sp_pkey Text
    help='Private key for the Service Provider (this Odoo instance)' string='SP private key'
Public methods (0)

No public methods.

New fields (3)
  • saml_access_token Char
    help='The current SAML token in use' required=True args: 'Current SAML token for this user'
  • saml_provider_id Many2one → auth.saml.provider
    required=True string='SAML Provider that issued the token' args: 'auth.saml.provider'
  • user_id Many2one → res.users
    index=True ondelete='cascade' required=True string='User' args: 'res.users'
Public methods (0)

No public methods.

New fields (1)
  • allow_saml_uid_and_internal_password Boolean
    string='Allow SAML users to posess an Odoo password (warning: decreases security)'
Public methods (2)
  • get_values(self)
    @api.model
  • set_values(self)

New fields (2)
  • saml_provider_id Many2one → auth.saml.provider
    string='SAML Provider' args: 'auth.saml.provider'
  • saml_uid Char
    help='SAML Provider user_id' args: 'SAML User ID'
Public methods (4)
  • auth_saml(self, provider, saml_response)
    @api.model
  • check_no_password_with_saml(self)
    @api.constrains('password', 'saml_uid')
    Ensure no Odoo user posesses both an SAML user ID and an Odoo password. Except admin which is not constrained by this rule.
  • create(self, vals_list)
    @api.model_create_multi
  • write(self, vals)
    @api.multi
REPOSITORY
REPOSITORYOCA/server-auth
GIT
GIThttps://github.com/OCA/server-auth.git
GIT FOLDER
GIT FOLDERhttps://github.com/OCA/server-auth/tree/11.0/auth_saml
VERSION
VERSION 1.0.0
CATEGORY
CATEGORYTools
LICENSE
LICENSEAGPL-3
APPLICATION
APPLICATIONNo
AUTO-INSTALLABLE
AUTO-INSTALLABLENo
AUTHORS
AUTHORSOdoo Community Association (OCA), XCG Consulting
MAINTAINERS
MAINTAINERSXCG Consulting
COMMITTERS
COMMITTERSMaxime Chambreuil, GitHub, OCA Transbot, oca-travis, OCA-git-bot, eilst
WEBSITE
WEBSITEhttp://odoo.consulting
LAST TRACKING UPDATE
LAST TRACKING UPDATE2026-07-06 00:23:56
ODOO DEPENDENCIES
ODOO DEPENDENCIES odoo/odoo:
    - base_setup
    - base
    - web
    - auth_crypt
PYTHON DEPENDENCIES
PYTHON DEPENDENCIES Not have
SYSTEM DEPENDENCIES
SYSTEM DEPENDENCIES Not have
DESCRIPTION
DESCRIPTION

Code Analysis

Views touched (6)
XML IDNameModelTypeStatus
auth_saml.login Samlv2 Login buttons ir.ui.view qweb Inherits web.login
auth_saml.providers Auth SAML Providers ir.ui.view qweb New
auth_saml_base_settings_form auth_saml_base_settings_form res.config.settings xpath Inherits base_setup.res_config_settings_view_form
view_saml_provider_form auth.saml.provider.form auth.saml.provider form New
view_saml_provider_list auth.saml.provider.list auth.saml.provider tree New
view_users_form res.users.form res.users xpath Inherits base.view_users_form
Models touched (4)

New fields (9)
  • body Char
    args: 'Body'
  • css_class Char
    args: 'CSS Class'
  • enabled Boolean
    default=False args: 'Enabled'
  • idp_metadata Text
    args: 'IDP Configuration'
  • matching_attribute Text
    default='subject.nameId' required=True string='Matching Attribute'
  • name Char
    args: 'Provider name'
  • sequence Integer
    args: 'Sequence'
  • sp_metadata Text
    args: 'SP Configuration'
  • sp_pkey Text
    args: 'Private key of our service provider (this openerpserver)'
Public methods (0)

No public methods.

New fields (3)
  • saml_access_token Char
    help='The current SAML token in use' args: 'Current SAML token for this user'
  • saml_provider_id Many2one → auth.saml.provider
    string='SAML Provider that issued the token' args: 'auth.saml.provider'
  • user_id Many2one → res.users
    ondelete='cascade' string='User' args: 'res.users'
Public methods (0)

No public methods.

New fields (1)
  • allow_saml_uid_and_internal_password Boolean
    string='Allow SAML users to posess an Odoo password (warning: decreases security)'
Public methods (3)
  • allow_saml_and_password(self)
    @api.model
    Read the allow_saml_uid_and_internal_password setting. Use the admin account to bypass security restrictions.
  • get_values(self)
    @api.model
  • set_values(self)
    @api.multi

New fields (2)
  • saml_provider_id Many2one → auth.saml.provider
    string='SAML Provider' args: 'auth.saml.provider'
  • saml_uid Char
    help='SAML Provider user_id' args: 'SAML User ID'
Public methods (4)
  • auth_saml(self, provider, saml_response)
    @api.model
  • check_credentials(self, token)
    @api.model
    Override to handle SAML auths. The token can be a password if the user has used the normal form... but we are more interested in the case when they are tokens and the interesting code is inside the "except" clause.
  • check_no_password_with_saml(self)
    @api.constrains('password_crypt', 'password', 'saml_uid')
    Ensure no Odoo user posesses both an SAML user ID and an Odoo password. Except admin which is not constrained by this rule.
  • write(self, vals)
    @api.multi
    Override to clear out the user's password when setting an SAML user ID (as they can't cohabit).
STATUS
STATUSOpen migration PR - not merged yet for this version
REPOSITORY
REPOSITORYOCA/server-auth
PULL REQUEST
PULL REQUEST[19.0][MIG] auth_saml: Migration to 19.0 (#871)