[8.0] Add auth saml

.travis.yml

@@ -10,6 +10,7 @@ addons:
     packages:
       - expect-dev  # provides unbuffer utility
       - python-lxml # because pip installation is slow
+      - python-lasso # Used by the "auth_saml" addon.
 
 env:
   global:

auth_saml/NEWS.rst

@@ -0,0 +1,11 @@
+next
+====
+
+* Checks to ensure no Odoo user with SAML also has an Odoo password.
+* Setting to disable that rule.
+
+
+2.0
+===
+
+* SAML tokens are not stored in res_users anymore to avoid locks on that table.

auth_saml/README.rst

@@ -0,0 +1,117 @@
+.. image:: https://img.shields.io/badge/licence-AGPL--3-blue.svg
+   :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+   :alt: License: AGPL-3
+
+====================
+SAML2 authentication
+====================
+
+Let users log into Odoo via an SAML2 provider.
+
+This module allows to deport the management of users and passwords in an
+external authentication system to provide SSO functionality (Single Sign On)
+between Odoo and other applications of your ecosystem.
+
+
+WARNING: this module requires auth_crypt. This is because you still have the
+    option if not recommended to allow users to have a password stored in odoo
+    at the same time as having a SALM provider and id.
+
+
+Benefits
+========
+
+* Reducing the time spent typing different passwords for different accounts.
+
+* Reducing the time spent in IT support for password oversights.
+
+* Centralizing authentication systems.
+
+* Securing all input levels / exit / access to multiple systems without
+  prompting users.
+
+* The centralization of access control information for compliance testing to
+  different standards.
+
+
+Installation
+============
+
+Install as you would install any Odoo addon.
+
+Dependencies
+------------
+
+This addon requires `lasso`_.
+
+.. _lasso: http://lasso.entrouvert.org
+
+
+Configuration
+=============
+
+There are SAML-related settings in Configuration > General settings.
+
+
+Usage
+=====
+
+To use this module, you need an IDP server, properly set up. Go through the
+"Getting started" section for more information.
+
+
+Demo
+====
+
+.. image:: https://odoo-community.org/website/image/ir.attachment/5784_f2813bd/datas
+   :alt: Try me on Runbot
+   :target: https://runbot.odoo-community.org/runbot/149/8.0
+
+
+Known issues / Roadmap
+======================
+
+None for now.
+
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/
+{project_repo}/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us smashing it by providing a detailed and welcomed feedback `here <https://github.com/OCA/
+{project_repo}/issues/new?body=module:%20
+{module_name}%0Aversion:%20
+{version}%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+
+Credits
+=======
+
+Contributors
+------------
+
+In order of appearance:
+
+  - Florent Aide, <florent.aide@xcg-consulting.fr>
+  - Vincent Hatakeyama, <vincent.hatakeyama@xcg-consulting.fr>
+  - Alexandre Brun, <alexandre.brun@xcg-consulting.fr>
+  - Jeremy Co Kim Len, <jeremy.cokimlen@vinci-concessions.com>
+  - Houzéfa Abbasbhay <houzefa.abba@xcg-consulting.fr>
+
+
+Maintainer
+----------
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+This module is maintained by the OCA.
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+To contribute to this module, please visit http://odoo-community.org.

auth_saml/__init__.py

@@ -0,0 +1,4 @@
+# flake8: noqa
+
+from . import controllers
+from . import models

auth_saml/__openerp__.py

@@ -0,0 +1,53 @@
+# -*- coding: utf-8 -*-
+##############################################################################
+#
+#    Saml2 Authentication for Odoo
+#    Copyright (C) 2010-2016 XCG Consulting <http://odoo.consulting>
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU Affero General Public License as
+#    published by the Free Software Foundation, either version 3 of the
+#    License, or (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU Affero General Public License for more details.
+#
+#    You should have received a copy of the GNU Affero General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+##############################################################################
+
+
+{
+    'name': 'Saml2 Authentication',
+    'version': '3.0',
+    'category': 'Tools',
+    'author': 'XCG Consulting, Odoo Community Association (OCA)',
+    'maintainer': 'XCG Consulting',
+    'website': 'http://odoo.consulting',
+    'license': 'AGPL-3',
+    'depends': [
+        'base',
+        'base_setup',
+        'web',
+        'auth_crypt',
+    ],
+
+    'data': [
+        'data/auth_saml.xml',
+        'data/ir_config_parameter.xml',
+
+        'security/ir.model.access.csv',
+
+        'views/auth_saml.xml',
+        'views/base_settings.xml',
+        'views/res_users.xml',
+    ],
+    'installable': True,
+    'auto_install': False,
+    'external_dependencies': {
+        'python': ['lasso'],
+    },
+}

auth_saml/controllers/__init__.py

@@ -0,0 +1,3 @@
+# flake8: noqa
+
+from . import main