| REPOSITORY | |
|---|---|
| REPOSITORY | OCA/server-auth |
| GIT | |
| GIT | https://github.com/OCA/server-auth.git |
| GIT FOLDER | |
| GIT FOLDER | https://github.com/OCA/server-auth/tree/18.0/auth_saml |
| VERSION | |
| VERSION | 1.1.3 |
| CATEGORY | |
| CATEGORY | Tools |
| LICENSE | |
| LICENSE | AGPL-3 |
| APPLICATION | |
| APPLICATION | No |
| AUTO-INSTALLABLE | |
| AUTO-INSTALLABLE | No |
| AUTHORS | |
| AUTHORS | Odoo Community Association (OCA), XCG Consulting |
| MAINTAINERS | |
| MAINTAINERS | Odoo Community Association (OCA), XCG Consulting |
| COMMITTERS | |
| COMMITTERS | Stefan Rijnhart, Weblate, OCA-git-bot, oca-ci, Cyril Dutrieux (cydu), John Wilson, Vincent Hatakeyama, bt-dlagin |
| WEBSITE | |
| WEBSITE | https://github.com/OCA/server-auth |
| LAST TRACKING UPDATE | |
| LAST TRACKING UPDATE | 2026-07-06 19:30:10 |
| ODOO DEPENDENCIES | |
| ODOO DEPENDENCIES |
odoo/odoo: - base_setup - base - web |
| PYTHON DEPENDENCIES | |
| PYTHON DEPENDENCIES |
pysaml2 |
| SYSTEM DEPENDENCIES | |
| SYSTEM DEPENDENCIES |
xmlsec1 |
| DESCRIPTION | |
| DESCRIPTION | Let users log into Odoo via an SAML2 identity provider. This module allows to deport the management of users and passwords in an external authentication system to provide SSO functionality (Single Sign On) between Odoo and other applications of your ecosystem. **Benefits**: - Reducing the time spent typing different passwords for different accounts. - Reducing the time spent in IT support for password oversights. - Centralizing authentication systems. - Securing all input levels / exit / access to multiple systems without prompting users. - The centralization of access control information for compliance testing to different standards. |
| XML ID | Name | Model | Type | Status |
|---|---|---|---|---|
auth_saml.login |
Samlv2 Login buttons | ir.ui.view | qweb | Inherits web.login |
auth_saml.providers |
Auth SAML Providers | ir.ui.view | qweb | New |
auth_saml_base_settings_form |
auth_saml_base_settings_form | res.config.settings | xpath | Inherits base.res_config_settings_view_form |
auth_saml_provider_view_search |
auth.saml.provider.search | auth.saml.provider | search | New |
view_saml_provider_form |
auth.saml.provider.form | auth.saml.provider | form | New |
view_saml_provider_list |
auth.saml.provider.list | auth.saml.provider | list | New |
view_users_form |
res.users.form | res.users | xpath | Inherits base.view_users_form |
attribute_name
Char
required=True
string='IDP Response Attribute'
field_name
Selection
required=True
selection='_field_name_selection'
string='Odoo Field'
provider_id
Many2one → auth.saml.provider
index=True
required=True
args: 'auth.saml.provider'
No public methods.
active
Boolean
default=True
attribute_mapping_ids
One2many → auth.saml.attribute.mapping
string='Attribute Mapping'
args: 'auth.saml.attribute.mapping', 'provider_id'
authn_requests_signed
Boolean
default=True
help='Indicates if the Authentication Requests sent by this SP should be signed by default.'
autoredirect
Boolean
default=False
help='Only the provider with the higher priority will be automatically redirected'
args: 'Automatic Redirection'
body
Char
help='Link text in Login Dialog'
string='Login button label'
translate=True
css_class
Char
default='fa fa-fw fa-sign-in text-primary'
help='Add a CSS class that serves you to style the login button.'
string='Button Icon CSS class'
entity_id
Char
default='odoo'
help='EntityID passed to IDP, used to identify the Odoo'
required=True
args: 'Entity ID'
idp_metadata
Text
help='Configuration for this Identity Provider. Supplied by the provider, in XML format.'
required=True
string='Identity Provider Metadata'
idp_metadata_url
Char
help='Some SAML providers, notably Office365 can have a metadata document which changes over time, and they provide a URL to the document instead. When this field is set, the metadata can be fetched from the provided URL.'
string='Identity Provider Metadata URL'
logout_requests_signed
Boolean
default=True
help='Indicates if this entity will sign the Logout Requests originated from it.'
matching_attribute
Char
default='subject.nameId'
help='Attribute to look for in the returned IDP response to match against an Odoo user.'
required=True
string='Identity Provider matching attribute'
matching_attribute_to_lower
Boolean
help='Force matching_attribute to lower case before passing back to Odoo.'
string='Lowercase IDP Matching Attribute'
name
Char
index='trigram'
required=True
args: 'Provider Name'
sequence
Integer
index=True
sig_alg
Selection
required=True
selection=<expr>
string='Signature Algorithm'
sign_authenticate_requests
Boolean
default=True
help='Whether the request should be signed or not'
sign_metadata
Boolean
default=True
help='Whether metadata should be signed or not'
sp_baseurl
Text
help='Base URL sent to Odoo with this, rather than automatically\n detecting from request or system parameter web.base.url'
string='Override Base URL'
sp_metadata_url
Char
compute='_compute_sp_metadata_url'
readonly=True
string='Metadata URL'
sp_pem_private
Binary
attachment=True
required=True
string='Odoo Private Key'
sp_pem_private_filename
Char
sp_pem_public
Binary
attachment=True
required=True
string='Odoo Public Certificate'
sp_pem_public_filename
Char
want_assertions_or_response_signed
Boolean
default=True
help='Indicates that either the Authentication Response or the assertions contained within the response to this SP must be signed.'
want_assertions_signed
Boolean
default=True
help='Indicates if this SP wants the IdP to send the assertions signed.'
want_response_signed
Boolean
default=True
help='Indicates that Authentication Responses to this SP must be signed.'
action_refresh_metadata_from_url(self)
saml_provider_id
Many2one → auth.saml.provider
required=True
string='SAML Provider that issued the token'
args: 'auth.saml.provider'
saml_request_id
Char
required=True
args: 'Current Request ID'
No public methods.
No new fields.
Public methods (3)create(self, vals_list)
unlink(self)
write(self, vals)
allow_saml_uid_and_internal_password
Boolean
config_parameter=ALLOW_SAML_UID_AND_PASSWORD
args: 'Allow SAML users to possess an Odoo password (warning: decreases security)'
No public methods.
saml_ids
One2many → res.users.saml
allow_saml_and_password(self) -> bool
allow_saml_and_password_changed(self)
auth_saml(self, provider: int, saml_response: str, base_url: str=None)
saml_access_token
Char
help='The current SAML token in use'
required=False
args: 'Current SAML token for this user'
saml_provider_id
Many2one → auth.saml.provider
index=True
string='SAML Provider'
args: 'auth.saml.provider'
saml_uid
Char
help='SAML Provider user_id'
required=True
args: 'SAML User ID'
user_id
Many2one → res.users
index=True
required=True
args: 'res.users'
create(self, vals_list)
| REPOSITORY | |
|---|---|
| REPOSITORY | OCA/server-auth |
| GIT | |
| GIT | https://github.com/OCA/server-auth.git |
| GIT FOLDER | |
| GIT FOLDER | https://github.com/OCA/server-auth/tree/17.0/auth_saml |
| VERSION | |
| VERSION | 1.1.0 |
| CATEGORY | |
| CATEGORY | Tools |
| LICENSE | |
| LICENSE | AGPL-3 |
| APPLICATION | |
| APPLICATION | No |
| AUTO-INSTALLABLE | |
| AUTO-INSTALLABLE | No |
| AUTHORS | |
| AUTHORS | Odoo Community Association (OCA), XCG SAS |
| MAINTAINERS | |
| MAINTAINERS | Odoo Community Association (OCA), XCG SAS |
| COMMITTERS | |
| COMMITTERS | Weblate, OCA-git-bot, oca-ci, Vincent Hatakeyama, andrea |
| WEBSITE | |
| WEBSITE | https://github.com/OCA/server-auth |
| LAST TRACKING UPDATE | |
| LAST TRACKING UPDATE | 2026-07-06 19:20:04 |
| ODOO DEPENDENCIES | |
| ODOO DEPENDENCIES |
odoo/odoo: - base_setup - base - web |
| PYTHON DEPENDENCIES | |
| PYTHON DEPENDENCIES |
pysaml2 |
| SYSTEM DEPENDENCIES | |
| SYSTEM DEPENDENCIES |
xmlsec1 |
| DESCRIPTION | |
| DESCRIPTION | Let users log into Odoo via an SAML2 identity provider. This module allows to deport the management of users and passwords in an external authentication system to provide SSO functionality (Single Sign On) between Odoo and other applications of your ecosystem. **Benefits**: - Reducing the time spent typing different passwords for different accounts. - Reducing the time spent in IT support for password oversights. - Centralizing authentication systems. - Securing all input levels / exit / access to multiple systems without prompting users. - The centralization of access control information for compliance testing to different standards. |
| XML ID | Name | Model | Type | Status |
|---|---|---|---|---|
auth_saml.login |
Samlv2 Login buttons | ir.ui.view | qweb | Inherits web.login |
auth_saml.providers |
Auth SAML Providers | ir.ui.view | qweb | New |
auth_saml_base_settings_form |
auth_saml_base_settings_form | res.config.settings | xpath | Inherits base.res_config_settings_view_form |
auth_saml_provider_view_search |
auth.saml.provider.search | auth.saml.provider | search | New |
view_saml_provider_form |
auth.saml.provider.form | auth.saml.provider | form | New |
view_saml_provider_list |
auth.saml.provider.list | auth.saml.provider | tree | New |
view_users_form |
res.users.form | res.users | xpath | Inherits base.view_users_form |
attribute_name
Char
required=True
string='IDP Response Attribute'
field_name
Selection
required=True
selection='_field_name_selection'
string='Odoo Field'
provider_id
Many2one → auth.saml.provider
index=True
ondelete='cascade'
required=True
args: 'auth.saml.provider'
No public methods.
active
Boolean
default=True
attribute_mapping_ids
One2many → auth.saml.attribute.mapping
copy=True
string='Attribute Mapping'
args: 'auth.saml.attribute.mapping', 'provider_id'
authn_requests_signed
Boolean
default=True
help='Indicates if the Authentication Requests sent by this SP should be signed by default.'
autoredirect
Boolean
default=False
help='Only the provider with the higher priority will be automatically redirected'
args: 'Automatic Redirection'
body
Char
help='Link text in Login Dialog'
string='Login button label'
translate=True
create_user
Boolean
default=False
help='Create user if not found. The login and name will defaults to the SAML user matching attribute. Use the mapping attributes to change the value used. If a deactivated user has a matching saml uid, activate it rather thancreate a new one.'
create_user_reactivate
Boolean
default=False
help='If a deactivated user has a matching SAML uid when trying to create the user, and this is checked, then the user is reactivated. Otherwise,access is denied.'
args: 'Reactivate when Creating Users'
create_user_template_id
Many2one → res.users
comodel_name='res.users'
default=<expr>
domain="[('active', 'in', (True, False))]"
help='When creating user, this user is used as a template'
css_class
Char
default='fa fa-fw fa-sign-in text-primary'
help='Add a CSS class that serves you to style the login button.'
string='Button Icon CSS class'
entity_id
Char
default='odoo'
help='EntityID passed to IDP, used to identify the Odoo'
required=True
args: 'Entity ID'
idp_metadata
Text
help='Configuration for this Identity Provider. Supplied by the provider, in XML format.'
required=True
string='Identity Provider Metadata'
logout_requests_signed
Boolean
default=True
help='Indicates if this entity will sign the Logout Requests originated from it.'
matching_attribute
Char
default='subject.nameId'
help='Attribute to look for in the returned IDP response to match against an Odoo user.'
required=True
string='Identity Provider matching attribute'
matching_attribute_to_lower
Boolean
help='Force matching_attribute to lower case before passing back to Odoo.'
string='Lowercase IDP Matching Attribute'
name
Char
index='trigram'
required=True
args: 'Provider Name'
sequence
Integer
index=True
sig_alg
Selection
required=True
selection=<expr>
string='Signature Algorithm'
sign_authenticate_requests
Boolean
default=True
help='Whether the request should be signed or not'
sign_metadata
Boolean
default=True
help='Whether metadata should be signed or not'
sp_baseurl
Text
help='Base URL sent to Odoo with this, rather than automatically\n detecting from request or system parameter web.base.url'
string='Override Base URL'
sp_metadata_url
Char
compute='_compute_sp_metadata_url'
readonly=True
string='Metadata URL'
sp_pem_private
Binary
attachment=True
required=True
string='Odoo Private Key'
sp_pem_private_filename
Char
sp_pem_public
Binary
attachment=True
required=True
string='Odoo Public Certificate'
sp_pem_public_filename
Char
want_assertions_or_response_signed
Boolean
default=True
help='Indicates that either the Authentication Response or the assertions contained within the response to this SP must be signed.'
want_assertions_signed
Boolean
default=True
help='Indicates if this SP wants the IdP to send the assertions signed.'
want_response_signed
Boolean
default=True
help='Indicates that Authentication Responses to this SP must be signed.'
No public methods.
saml_provider_id
Many2one → auth.saml.provider
required=True
string='SAML Provider that issued the token'
args: 'auth.saml.provider'
saml_request_id
Char
required=True
args: 'Current Request ID'
No public methods.
No new fields.
Public methods (3)create(self, vals_list)
unlink(self)
write(self, vals)
allow_saml_uid_and_internal_password
Boolean
config_parameter=ALLOW_SAML_UID_AND_PASSWORD
args: 'Allow SAML users to possess an Odoo password (warning: decreases security)'
No public methods.
saml_ids
One2many → res.users.saml
allow_saml_and_password(self) -> bool
allow_saml_and_password_changed(self)
auth_saml(self, provider: int, saml_response: str, base_url: str=None)
saml_access_token
Char
help='The current SAML token in use'
required=False
args: 'Current SAML token for this user'
saml_provider_id
Many2one → auth.saml.provider
index=True
string='SAML Provider'
args: 'auth.saml.provider'
saml_uid
Char
help='SAML Provider user_id'
required=True
args: 'SAML User ID'
user_id
Many2one → res.users
index=True
ondelete='cascade'
required=True
args: 'res.users'
create(self, vals_list)
| REPOSITORY | |
|---|---|
| REPOSITORY | OCA/server-auth |
| GIT | |
| GIT | https://github.com/OCA/server-auth.git |
| GIT FOLDER | |
| GIT FOLDER | https://github.com/OCA/server-auth/tree/16.0/auth_saml |
| VERSION | |
| VERSION | 1.2.1 |
| CATEGORY | |
| CATEGORY | Tools |
| LICENSE | |
| LICENSE | AGPL-3 |
| APPLICATION | |
| APPLICATION | No |
| AUTO-INSTALLABLE | |
| AUTO-INSTALLABLE | No |
| AUTHORS | |
| AUTHORS | Odoo Community Association (OCA), XCG Consulting |
| MAINTAINERS | |
| MAINTAINERS | Odoo Community Association (OCA), XCG Consulting |
| COMMITTERS | |
| COMMITTERS | Stéphane Bidoul, Yannick Vaucher, Alexandre Fayolle, eLBati, Maxime Chambreuil, Pedro M. Baeza, Jairo Llopis, OCA Transbot, Denis Leemann, Moises Lopez - https://www.vauxoo.com/, oca-travis, Weblate, OCA-git-bot, Simone Orsi, oca-ci, eilst, Karl Southern, Cyril Dutrieux (cydu), Vincent Hatakeyama, Camille Morand, Jesus Ventosinos, Torvald Baade Bringsvor |
| WEBSITE | |
| WEBSITE | https://github.com/OCA/server-auth |
| LAST TRACKING UPDATE | |
| LAST TRACKING UPDATE | 2026-07-06 00:53:43 |
| ODOO DEPENDENCIES | |
| ODOO DEPENDENCIES |
odoo/odoo: - base_setup - base - web |
| PYTHON DEPENDENCIES | |
| PYTHON DEPENDENCIES |
pysaml2 |
| SYSTEM DEPENDENCIES | |
| SYSTEM DEPENDENCIES |
xmlsec1 |
| DESCRIPTION | |
| DESCRIPTION | |
| XML ID | Name | Model | Type | Status |
|---|---|---|---|---|
auth_saml.login |
Samlv2 Login buttons | ir.ui.view | qweb | Inherits web.login |
auth_saml.providers |
Auth SAML Providers | ir.ui.view | qweb | New |
auth_saml_base_settings_form |
auth_saml_base_settings_form | res.config.settings | xpath | Inherits base.res_config_settings_view_form |
auth_saml_provider_view_search |
auth.saml.provider.search | auth.saml.provider | search | New |
view_saml_provider_form |
auth.saml.provider.form | auth.saml.provider | form | New |
view_saml_provider_list |
auth.saml.provider.list | auth.saml.provider | tree | New |
view_users_form |
res.users.form | res.users | xpath | Inherits base.view_users_form |
attribute_name
Char
required=True
string='IDP Response Attribute'
field_name
Selection
required=True
selection='_field_name_selection'
string='Odoo Field'
provider_id
Many2one → auth.saml.provider
index=True
required=True
args: 'auth.saml.provider'
No public methods.
active
Boolean
default=True
attribute_mapping_ids
One2many → auth.saml.attribute.mapping
string='Attribute Mapping'
args: 'auth.saml.attribute.mapping', 'provider_id'
authn_requests_signed
Boolean
default=True
help='Indicates if the Authentication Requests sent by this SP should be signed by default.'
autoredirect
Boolean
default=False
help='Only the provider with the higher priority will be automatically redirected'
args: 'Automatic Redirection'
body
Char
help='Link text in Login Dialog'
string='Login button label'
translate=True
css_class
Char
default='fa fa-fw fa-sign-in text-primary'
help='Add a CSS class that serves you to style the login button.'
string='Button Icon CSS class'
entity_id
Char
default='odoo'
help='EntityID passed to IDP, used to identify the Odoo'
required=True
args: 'Entity ID'
idp_metadata
Text
help='Configuration for this Identity Provider. Supplied by the provider, in XML format.'
required=True
string='Identity Provider Metadata'
idp_metadata_url
Char
help='Some SAML providers, notably Office365 can have a metadata document which changes over time, and they provide a URL to the document instead. When this field is set, the metadata can be fetched from the provided URL.'
string='Identity Provider Metadata URL'
logout_requests_signed
Boolean
default=True
help='Indicates if this entity will sign the Logout Requests originated from it.'
matching_attribute
Char
default='subject.nameId'
help='Attribute to look for in the returned IDP response to match against an Odoo user.'
required=True
string='Identity Provider matching attribute'
matching_attribute_to_lower
Boolean
help='Force matching_attribute to lower case before passing back to Odoo.'
string='Lowercase IDP Matching Attribute'
name
Char
index='trigram'
required=True
args: 'Provider Name'
sequence
Integer
index=True
sig_alg
Selection
required=True
selection=<expr>
string='Signature Algorithm'
sign_authenticate_requests
Boolean
default=True
help='Whether the request should be signed or not'
sign_metadata
Boolean
default=True
help='Whether metadata should be signed or not'
sp_baseurl
Text
help='Base URL sent to Odoo with this, rather than automatically\n detecting from request or system parameter web.base.url'
string='Override Base URL'
sp_metadata_url
Char
compute='_compute_sp_metadata_url'
readonly=True
string='Metadata URL'
sp_pem_private
Binary
attachment=True
required=True
string='Odoo Private Key'
sp_pem_private_filename
Char
sp_pem_public
Binary
attachment=True
required=True
string='Odoo Public Certificate'
sp_pem_public_filename
Char
want_assertions_or_response_signed
Boolean
default=True
help='Indicates that either the Authentication Response or the assertions contained within the response to this SP must be signed.'
want_assertions_signed
Boolean
default=True
help='Indicates if this SP wants the IdP to send the assertions signed.'
want_response_signed
Boolean
default=True
help='Indicates that Authentication Responses to this SP must be signed.'
action_refresh_metadata_from_url(self)
saml_provider_id
Many2one → auth.saml.provider
required=True
string='SAML Provider that issued the token'
args: 'auth.saml.provider'
saml_request_id
Char
required=True
args: 'Current Request ID'
No public methods.
No new fields.
Public methods (3)create(self, vals_list)
unlink(self)
write(self, vals)
allow_saml_uid_and_internal_password
Boolean
config_parameter=ALLOW_SAML_UID_AND_PASSWORD
args: 'Allow SAML users to possess an Odoo password (warning: decreases security)'
No public methods.
saml_ids
One2many → res.users.saml
allow_saml_and_password(self) -> bool
allow_saml_and_password_changed(self)
auth_saml(self, provider: int, saml_response: str, base_url: str=None)
saml_access_token
Char
help='The current SAML token in use'
required=False
args: 'Current SAML token for this user'
saml_provider_id
Many2one → auth.saml.provider
index=True
string='SAML Provider'
args: 'auth.saml.provider'
saml_uid
Char
help='SAML Provider user_id'
required=True
args: 'SAML User ID'
user_id
Many2one → res.users
index=True
required=True
args: 'res.users'
create(self, vals_list)
| REPOSITORY | |
|---|---|
| REPOSITORY | OCA/server-auth |
| GIT | |
| GIT | https://github.com/OCA/server-auth.git |
| GIT FOLDER | |
| GIT FOLDER | https://github.com/OCA/server-auth/tree/15.0/auth_saml |
| VERSION | |
| VERSION | 1.4.6 |
| CATEGORY | |
| CATEGORY | Tools |
| LICENSE | |
| LICENSE | AGPL-3 |
| APPLICATION | |
| APPLICATION | No |
| AUTO-INSTALLABLE | |
| AUTO-INSTALLABLE | No |
| AUTHORS | |
| AUTHORS | Odoo Community Association (OCA), XCG Consulting |
| MAINTAINERS | |
| MAINTAINERS | Odoo Community Association (OCA), XCG Consulting |
| COMMITTERS | |
| COMMITTERS | Stéphane Bidoul, Alexandre Fayolle, OCA Transbot, Denis Leemann, Weblate, OCA-git-bot, oca-ci, Vincent Hatakeyama, Camille Morand, florian |
| WEBSITE | |
| WEBSITE | https://github.com/OCA/server-auth |
| LAST TRACKING UPDATE | |
| LAST TRACKING UPDATE | 2026-07-06 00:46:32 |
| ODOO DEPENDENCIES | |
| ODOO DEPENDENCIES |
odoo/odoo: - base_setup - base - web |
| PYTHON DEPENDENCIES | |
| PYTHON DEPENDENCIES |
pysaml2 |
| SYSTEM DEPENDENCIES | |
| SYSTEM DEPENDENCIES |
xmlsec1 |
| DESCRIPTION | |
| DESCRIPTION | |
| XML ID | Name | Model | Type | Status |
|---|---|---|---|---|
auth_saml.login |
Samlv2 Login buttons | ir.ui.view | qweb | Inherits web.login |
auth_saml.providers |
Auth SAML Providers | ir.ui.view | qweb | New |
auth_saml_base_settings_form |
auth_saml_base_settings_form | res.config.settings | xpath | Inherits base.res_config_settings_view_form |
auth_saml_provider_view_search |
auth.saml.provider.search | auth.saml.provider | search | New |
view_saml_provider_form |
auth.saml.provider.form | auth.saml.provider | form | New |
view_saml_provider_list |
auth.saml.provider.list | auth.saml.provider | tree | New |
view_users_form |
res.users.form | res.users | xpath | Inherits base.view_users_form |
attribute_name
Char
required=True
string='IDP Response Attribute'
field_name
Selection
required=True
selection='_field_name_selection'
string='Odoo Field'
provider_id
Many2one → auth.saml.provider
index=True
required=True
args: 'auth.saml.provider'
No public methods.
active
Boolean
default=True
attribute_mapping_ids
One2many → auth.saml.attribute.mapping
string='Attribute Mapping'
args: 'auth.saml.attribute.mapping', 'provider_id'
authn_requests_signed
Boolean
default=True
help='Indicates if the Authentication Requests sent by this SP should be signed by default.'
autoredirect
Boolean
default=False
help='Only the provider with the higher priority will be automatically redirected'
args: 'Automatic Redirection'
body
Char
help='Link text in Login Dialog'
string='Login button label'
translate=True
css_class
Char
default='fa fa-fw fa-sign-in text-primary'
help='Add a CSS class that serves you to style the login button.'
string='Button Icon CSS class'
entity_id
Char
default='odoo'
help='EntityID passed to IDP, used to identify the Odoo'
required=True
args: 'Entity ID'
idp_metadata
Text
help='Configuration for this Identity Provider. Supplied by the provider, in XML format.'
required=True
string='Identity Provider Metadata'
idp_metadata_url
Char
help='Some SAML providers, notably Office365 can have a metadata document which changes over time, and they provide a URL to the document instead. When this field is set, the metadata can be fetched from the provided URL.'
string='Identity Provider Metadata URL'
logout_requests_signed
Boolean
default=True
help='Indicates if this entity will sign the Logout Requests originated from it.'
matching_attribute
Char
default='subject.nameId'
help='Attribute to look for in the returned IDP response to match against an Odoo user.'
required=True
string='Identity Provider matching attribute'
matching_attribute_to_lower
Boolean
help='Force matching_attribute to lower case before passing back to Odoo.'
string='Lowercase IDP Matching Attribute'
name
Char
index=True
required=True
args: 'Provider Name'
sequence
Integer
index=True
sig_alg
Selection
required=True
selection=<expr>
string='Signature Algorithm'
sign_authenticate_requests
Boolean
default=True
help='Whether the request should be signed or not'
sign_metadata
Boolean
default=True
help='Whether metadata should be signed or not'
sp_baseurl
Text
help='Base URL sent to Odoo with this, rather than automatically\n detecting from request or system parameter web.base.url'
string='Override Base URL'
sp_metadata_url
Char
compute='_compute_sp_metadata_url'
readonly=True
string='Metadata URL'
sp_pem_private
Binary
attachment=True
required=True
string='Odoo Private Key'
sp_pem_private_filename
Char
sp_pem_public
Binary
attachment=True
required=True
string='Odoo Public Certificate'
sp_pem_public_filename
Char
want_assertions_or_response_signed
Boolean
default=True
help='Indicates that either the Authentication Response or the assertions contained within the response to this SP must be signed.'
want_assertions_signed
Boolean
default=True
help='Indicates if this SP wants the IdP to send the assertions signed.'
want_response_signed
Boolean
default=True
help='Indicates that Authentication Responses to this SP must be signed.'
action_refresh_metadata_from_url(self)
saml_provider_id
Many2one → auth.saml.provider
required=True
string='SAML Provider that issued the token'
args: 'auth.saml.provider'
saml_request_id
Char
required=True
args: 'Current Request ID'
No public methods.
No new fields.
Public methods (3)create(self, vals_list)
unlink(self)
write(self, vals)
allow_saml_uid_and_internal_password
Boolean
config_parameter=ALLOW_SAML_UID_AND_PASSWORD
args: 'Allow SAML users to possess an Odoo password (warning: decreases security)'
No public methods.
saml_ids
One2many → res.users.saml
allow_saml_and_password(self) -> bool
allow_saml_and_password_changed(self)
auth_saml(self, provider: int, saml_response: str, base_url: str=None)
saml_access_token
Char
help='The current SAML token in use'
required=False
args: 'Current SAML token for this user'
saml_provider_id
Many2one → auth.saml.provider
index=True
string='SAML Provider'
args: 'auth.saml.provider'
saml_uid
Char
help='SAML Provider user_id'
required=True
args: 'SAML User ID'
user_id
Many2one → res.users
index=True
required=True
args: 'res.users'
create(self, vals_list)
| REPOSITORY | |
|---|---|
| REPOSITORY | OCA/server-auth |
| GIT | |
| GIT | https://github.com/OCA/server-auth.git |
| GIT FOLDER | |
| GIT FOLDER | https://github.com/OCA/server-auth/tree/14.0/auth_saml |
| VERSION | |
| VERSION | 1.2.2 |
| CATEGORY | |
| CATEGORY | Tools |
| LICENSE | |
| LICENSE | AGPL-3 |
| APPLICATION | |
| APPLICATION | No |
| AUTO-INSTALLABLE | |
| AUTO-INSTALLABLE | No |
| AUTHORS | |
| AUTHORS | Odoo Community Association (OCA), XCG Consulting |
| MAINTAINERS | |
| MAINTAINERS | Odoo Community Association (OCA), XCG Consulting |
| COMMITTERS | |
| COMMITTERS | Alexandre Fayolle, OCA Transbot, vrenaville, Denis Leemann, oca-travis, Weblate, OCA-git-bot, Simone Orsi, oca-ci, Karl Southern, Ricardoalso, Vincent Hatakeyama, oca-git-bot |
| WEBSITE | |
| WEBSITE | https://github.com/OCA/server-auth |
| LAST TRACKING UPDATE | |
| LAST TRACKING UPDATE | 2026-07-06 00:40:55 |
| ODOO DEPENDENCIES | |
| ODOO DEPENDENCIES |
odoo/odoo: - base_setup - base - web |
| PYTHON DEPENDENCIES | |
| PYTHON DEPENDENCIES |
pysaml2 |
| SYSTEM DEPENDENCIES | |
| SYSTEM DEPENDENCIES |
xmlsec1 |
| DESCRIPTION | |
| DESCRIPTION | |
| XML ID | Name | Model | Type | Status |
|---|---|---|---|---|
auth_saml.login |
Samlv2 Login buttons | ir.ui.view | qweb | Inherits web.login |
auth_saml.providers |
Auth SAML Providers | ir.ui.view | qweb | New |
auth_saml_base_settings_form |
auth_saml_base_settings_form | res.config.settings | xpath | Inherits base.res_config_settings_view_form |
auth_saml_provider_view_search |
auth.saml.provider.search | auth.saml.provider | search | New |
view_saml_provider_form |
auth.saml.provider.form | auth.saml.provider | form | New |
view_saml_provider_list |
auth.saml.provider.list | auth.saml.provider | tree | New |
view_users_form |
res.users.form | res.users | xpath | Inherits base.view_users_form |
attribute_name
Char
required=True
string='IDP Response Attribute'
field_name
Selection
required=True
selection='_field_name_selection'
string='Odoo Field'
provider_id
Many2one → auth.saml.provider
index=True
required=True
args: 'auth.saml.provider'
No public methods.
active
Boolean
default=True
attribute_mapping_ids
One2many → auth.saml.attribute.mapping
string='Attribute Mapping'
args: 'auth.saml.attribute.mapping', 'provider_id'
authn_requests_signed
Boolean
default=True
help='Indicates if the Authentication Requests sent by this SP should be signed by default.'
autoredirect
Boolean
default=False
help='Only the provider with the higher priority will be automatically redirected'
args: 'Automatic Redirection'
body
Char
string='Button Description'
css_class
Char
help='Add a CSS class that serves you to style the login button.'
string='Button Icon CSS class'
entity_id
Char
default='odoo'
help='EntityID passed to IDP, used to identify the Odoo'
required=True
args: 'Entity ID'
idp_metadata
Text
help='Configuration for this Identity Provider. Supplied by the provider, in XML format.'
required=True
string='Identity Provider Metadata'
idp_metadata_url
Char
help='Some SAML providers, notably Office365 can have a metadata document which changes over time, and they provide a URL to the document instead. When this field is set, the metadata can be fetched from the provided URL.'
string='Identity Provider Metadata URL'
logout_requests_signed
Boolean
default=True
help='Indicates if this entity will sign the Logout Requests originated from it.'
matching_attribute
Char
default='subject.nameId'
help='Attribute to look for in the returned IDP response to match against an Odoo user.'
required=True
string='Identity Provider matching attribute'
matching_attribute_to_lower
Boolean
help='Force matching_attribute to lower case before passing back to Odoo.'
string='Lowercase IDP Matching Attribute'
name
Char
index=True
required=True
args: 'Provider Name'
sequence
Integer
index=True
sig_alg
Selection
required=True
selection=<expr>
string='Signature Algorithm'
sign_authenticate_requests
Boolean
default=True
help='Whether the request should be signed or not'
sign_metadata
Boolean
default=True
help='Whether metadata should be signed or not'
sp_baseurl
Text
help='Base URL sent to Odoo with this, rather than automatically\n detecting from request or system parameter web.base.url'
string='Override Base URL'
sp_metadata_url
Char
compute='_compute_sp_metadata_url'
readonly=True
string='Metadata URL'
sp_pem_private
Binary
attachment=True
required=True
string='Odoo Private Key'
sp_pem_private_filename
Char
sp_pem_public
Binary
attachment=True
required=True
string='Odoo Public Certificate'
sp_pem_public_filename
Char
want_assertions_or_response_signed
Boolean
default=True
help='Indicates that either the Authentication Response or the assertions contained within the response to this SP must be signed.'
want_assertions_signed
Boolean
default=True
help='Indicates if this SP wants the IdP to send the assertions signed.'
want_response_signed
Boolean
default=True
help='Indicates that Authentication Responses to this SP must be signed.'
action_refresh_metadata_from_url(self)
saml_provider_id
Many2one → auth.saml.provider
required=True
string='SAML Provider that issued the token'
args: 'auth.saml.provider'
saml_request_id
Char
required=True
args: 'Current Request ID'
No public methods.
No new fields.
Public methods (3)create(self, vals_list)
unlink(self)
write(self, vals)
allow_saml_uid_and_internal_password
Boolean
config_parameter=ALLOW_SAML_UID_AND_PASSWORD
args: 'Allow SAML users to possess an Odoo password (warning: decreases security)'
No public methods.
saml_ids
One2many → res.users.saml
allow_saml_and_password(self) -> bool
allow_saml_and_password_changed(self)
auth_saml(self, provider: int, saml_response: str, base_url: str=None)
saml_access_token
Char
help='The current SAML token in use'
required=False
args: 'Current SAML token for this user'
saml_provider_id
Many2one → auth.saml.provider
index=True
string='SAML Provider'
args: 'auth.saml.provider'
saml_uid
Char
help='SAML Provider user_id'
required=True
args: 'SAML User ID'
user_id
Many2one → res.users
index=True
required=True
args: 'res.users'
create(self, vals_list)
| REPOSITORY | |
|---|---|
| REPOSITORY | OCA/server-auth |
| GIT | |
| GIT | https://github.com/OCA/server-auth.git |
| GIT FOLDER | |
| GIT FOLDER | https://github.com/OCA/server-auth/tree/13.0/auth_saml |
| VERSION | |
| VERSION | 1.0.2 |
| CATEGORY | |
| CATEGORY | Tools |
| LICENSE | |
| LICENSE | AGPL-3 |
| APPLICATION | |
| APPLICATION | No |
| AUTO-INSTALLABLE | |
| AUTO-INSTALLABLE | No |
| AUTHORS | |
| AUTHORS | Odoo Community Association (OCA), XCG Consulting |
| MAINTAINERS | |
| MAINTAINERS | Odoo Community Association (OCA), XCG Consulting |
| COMMITTERS | |
| COMMITTERS | Denis Roussel, oca-travis, Weblate, OCA-git-bot, Karl Southern, Vincent Hatakeyama |
| WEBSITE | |
| WEBSITE | https://github.com/OCA/server-auth |
| LAST TRACKING UPDATE | |
| LAST TRACKING UPDATE | 2026-07-06 00:34:11 |
| ODOO DEPENDENCIES | |
| ODOO DEPENDENCIES |
odoo/odoo: - base_setup - base - web |
| PYTHON DEPENDENCIES | |
| PYTHON DEPENDENCIES |
pysaml2 |
| SYSTEM DEPENDENCIES | |
| SYSTEM DEPENDENCIES | Not have |
| DESCRIPTION | |
| DESCRIPTION | |
| XML ID | Name | Model | Type | Status |
|---|---|---|---|---|
auth_saml.login |
Samlv2 Login buttons | ir.ui.view | qweb | Inherits web.login |
auth_saml.providers |
Auth SAML Providers | ir.ui.view | qweb | New |
auth_saml_base_settings_form |
auth_saml_base_settings_form | res.config.settings | xpath | Inherits base.res_config_settings_view_form |
view_saml_provider_form |
auth.saml.provider.form | auth.saml.provider | form | New |
view_saml_provider_list |
auth.saml.provider.list | auth.saml.provider | tree | New |
view_users_form |
res.users.form | res.users | xpath | Inherits base.view_users_form |
attribute_name
Char
required=True
string='IDP Response Attribute'
field_name
Selection
required=True
selection='_field_name_selection'
string='Odoo Field'
provider_id
Many2one → auth.saml.provider
index=True
required=True
args: 'auth.saml.provider'
No public methods.
active
Boolean
default=True
attribute_mapping_ids
One2many → auth.saml.attribute.mapping
string='Attribute Mapping'
args: 'auth.saml.attribute.mapping', 'provider_id'
body
Char
string='Button Description'
css_class
Char
help='Add a CSS class that serves you to style the login button.'
string='Button Icon CSS class'
entity_id
Char
default='odoo'
help='EntityID passed to IDP, used to identify the Odoo'
required=True
args: 'Entity ID'
idp_metadata
Text
help='Configuration for this Identity Provider. Supplied by the provider, in XML format.'
string='Identity Provider Metadata'
matching_attribute
Char
default='subject.nameId'
help='Attribute to look for in the returned IDP response to match against an Odoo user.'
required=True
string='Identity Provider matching attribute'
matching_attribute_to_lower
Boolean
help='Force matching_attribute to lower case before passing back to\n Odoo.'
string='Lowercase IDP Matching Attribute'
name
Char
index=True
required=True
args: 'Provider name'
sequence
Integer
index=True
sig_alg
Selection
required=True
selection=<expr>
string='Signature Algorithm'
sign
Boolean
default=True
help='Whether requests should be signed or not'
sp_baseurl
Text
help='Base Url sent to Odoo with this, rather than automatically\n detecting from request or system parameter web.base.url\n '
string='Override Base Url'
sp_metadata_url
Char
compute='_compute_sp_metadata_url'
readonly=True
string='Metadata URL'
sp_pem_private
Binary
attachment=True
string='Odoo Private Key'
sp_pem_public
Binary
attachment=True
string='Odoo Certificate'
No public methods.
saml_provider_id
Many2one → auth.saml.provider
required=True
string='SAML Provider that issued the token'
args: 'auth.saml.provider'
saml_request_id
Char
required=True
args: 'Current Request ID'
No public methods.
saml_access_token
Char
help='The current SAML token in use'
required=False
args: 'Current SAML token for this user'
saml_provider_id
Many2one → auth.saml.provider
required=True
string='SAML Provider that issued the token'
args: 'auth.saml.provider'
user_id
Many2one → res.users
index=True
ondelete='cascade'
required=True
string='User'
args: 'res.users'
No public methods.
allow_saml_uid_and_internal_password
Boolean
config_parameter='auth_saml.allow_saml_uid_and_internal_password'
args: 'Allow SAML users to posess an Odoo password (warning: decreases security)'
No public methods.
saml_ids
One2many → res.users.saml
auth_saml(self, provider, saml_response, base_url=None)
check_no_password_with_saml(self)
create(self, vals_list)
write(self, vals)
saml_provider_id
Many2one → auth.saml.provider
index=True
string='SAML Provider'
args: 'auth.saml.provider'
saml_uid
Char
help='SAML Provider user_id'
required=True
args: 'SAML User ID'
user_id
Many2one → res.users
index=True
required=True
args: 'res.users'
No public methods.
| REPOSITORY | |
|---|---|
| REPOSITORY | OCA/server-auth |
| GIT | |
| GIT | https://github.com/OCA/server-auth.git |
| GIT FOLDER | |
| GIT FOLDER | https://github.com/OCA/server-auth/tree/12.0/auth_saml |
| VERSION | |
| VERSION | 1.0.1 |
| CATEGORY | |
| CATEGORY | Tools |
| LICENSE | |
| LICENSE | AGPL-3 |
| APPLICATION | |
| APPLICATION | No |
| AUTO-INSTALLABLE | |
| AUTO-INSTALLABLE | No |
| AUTHORS | |
| AUTHORS | Odoo Community Association (OCA), XCG Consulting |
| MAINTAINERS | |
| MAINTAINERS | Odoo Community Association (OCA), XCG Consulting |
| COMMITTERS | |
| COMMITTERS | eLBati, Jairo Llopis, OCA Transbot, oca-travis, OCA-git-bot |
| WEBSITE | |
| WEBSITE | https://github.com/OCA/server-auth |
| LAST TRACKING UPDATE | |
| LAST TRACKING UPDATE | 2026-07-06 00:29:15 |
| ODOO DEPENDENCIES | |
| ODOO DEPENDENCIES |
odoo/odoo: - base_setup - base - web |
| PYTHON DEPENDENCIES | |
| PYTHON DEPENDENCIES |
lasso |
| SYSTEM DEPENDENCIES | |
| SYSTEM DEPENDENCIES | Not have |
| DESCRIPTION | |
| DESCRIPTION | |
| XML ID | Name | Model | Type | Status |
|---|---|---|---|---|
auth_saml.login |
Samlv2 Login buttons | ir.ui.view | qweb | Inherits web.login |
auth_saml.providers |
Auth SAML Providers | ir.ui.view | qweb | New |
auth_saml_base_settings_form |
auth_saml_base_settings_form | res.config.settings | xpath | Inherits base_setup.res_config_settings_view_form |
view_saml_provider_form |
auth.saml.provider.form | auth.saml.provider | form | New |
view_saml_provider_list |
auth.saml.provider.list | auth.saml.provider | tree | New |
view_users_form |
res.users.form | res.users | xpath | Inherits base.view_users_form |
active
Boolean
default=True
body
Char
css_class
Char
help='Add a CSS class that serves you to style the login button.'
string='CSS class'
idp_metadata
Text
help='Configuration for this Identity Provider'
string='IDP Configuration'
matching_attribute
Char
default='subject.nameId'
required=True
name
Char
index=True
required=True
args: 'Provider name'
sequence
Integer
index=True
sp_metadata
Text
help='Configuration for the Service Provider (this Odoo instance)'
string='SP Configuration'
sp_pkey
Text
help='Private key for the Service Provider (this Odoo instance)'
string='SP private key'
No public methods.
saml_access_token
Char
help='The current SAML token in use'
required=True
args: 'Current SAML token for this user'
saml_provider_id
Many2one → auth.saml.provider
required=True
string='SAML Provider that issued the token'
args: 'auth.saml.provider'
user_id
Many2one → res.users
index=True
ondelete='cascade'
required=True
string='User'
args: 'res.users'
No public methods.
allow_saml_uid_and_internal_password
Boolean
string='Allow SAML users to posess an Odoo password (warning: decreases security)'
get_values(self)
set_values(self)
saml_provider_id
Many2one → auth.saml.provider
string='SAML Provider'
args: 'auth.saml.provider'
saml_uid
Char
help='SAML Provider user_id'
args: 'SAML User ID'
auth_saml(self, provider, saml_response)
check_no_password_with_saml(self)
create(self, vals_list)
write(self, vals)
| REPOSITORY | |
|---|---|
| REPOSITORY | OCA/server-auth |
| GIT | |
| GIT | https://github.com/OCA/server-auth.git |
| GIT FOLDER | |
| GIT FOLDER | https://github.com/OCA/server-auth/tree/11.0/auth_saml |
| VERSION | |
| VERSION | 1.0.0 |
| CATEGORY | |
| CATEGORY | Tools |
| LICENSE | |
| LICENSE | AGPL-3 |
| APPLICATION | |
| APPLICATION | No |
| AUTO-INSTALLABLE | |
| AUTO-INSTALLABLE | No |
| AUTHORS | |
| AUTHORS | Odoo Community Association (OCA), XCG Consulting |
| MAINTAINERS | |
| MAINTAINERS | XCG Consulting |
| COMMITTERS | |
| COMMITTERS | Maxime Chambreuil, GitHub, OCA Transbot, oca-travis, OCA-git-bot, eilst |
| WEBSITE | |
| WEBSITE | http://odoo.consulting |
| LAST TRACKING UPDATE | |
| LAST TRACKING UPDATE | 2026-07-06 00:23:56 |
| ODOO DEPENDENCIES | |
| ODOO DEPENDENCIES |
odoo/odoo: - base_setup - base - web - auth_crypt |
| PYTHON DEPENDENCIES | |
| PYTHON DEPENDENCIES | Not have |
| SYSTEM DEPENDENCIES | |
| SYSTEM DEPENDENCIES | Not have |
| DESCRIPTION | |
| DESCRIPTION | |
| XML ID | Name | Model | Type | Status |
|---|---|---|---|---|
auth_saml.login |
Samlv2 Login buttons | ir.ui.view | qweb | Inherits web.login |
auth_saml.providers |
Auth SAML Providers | ir.ui.view | qweb | New |
auth_saml_base_settings_form |
auth_saml_base_settings_form | res.config.settings | xpath | Inherits base_setup.res_config_settings_view_form |
view_saml_provider_form |
auth.saml.provider.form | auth.saml.provider | form | New |
view_saml_provider_list |
auth.saml.provider.list | auth.saml.provider | tree | New |
view_users_form |
res.users.form | res.users | xpath | Inherits base.view_users_form |
body
Char
css_class
Char
enabled
Boolean
default=False
args: 'Enabled'
idp_metadata
Text
matching_attribute
Text
default='subject.nameId'
required=True
string='Matching Attribute'
name
Char
sequence
Integer
sp_metadata
Text
sp_pkey
Text
No public methods.
saml_access_token
Char
help='The current SAML token in use'
args: 'Current SAML token for this user'
saml_provider_id
Many2one → auth.saml.provider
string='SAML Provider that issued the token'
args: 'auth.saml.provider'
user_id
Many2one → res.users
ondelete='cascade'
string='User'
args: 'res.users'
No public methods.
allow_saml_uid_and_internal_password
Boolean
string='Allow SAML users to posess an Odoo password (warning: decreases security)'
allow_saml_and_password(self)
get_values(self)
set_values(self)
saml_provider_id
Many2one → auth.saml.provider
string='SAML Provider'
args: 'auth.saml.provider'
saml_uid
Char
help='SAML Provider user_id'
args: 'SAML User ID'
auth_saml(self, provider, saml_response)
check_credentials(self, token)
check_no_password_with_saml(self)
write(self, vals)
| STATUS | |
|---|---|
| STATUS | Open migration PR - not merged yet for this version |
| REPOSITORY | |
| REPOSITORY | OCA/server-auth |
| PULL REQUEST | |
| PULL REQUEST | [19.0][MIG] auth_saml: Migration to 19.0 (#871) |