diff --git a/auth_from_http_remote_user/__openerp__.py b/auth_from_http_remote_user/__openerp__.py
index cf7bbc34b..8f79c1047 100644
--- a/auth_from_http_remote_user/__openerp__.py
+++ b/auth_from_http_remote_user/__openerp__.py
@@ -27,7 +27,7 @@ Allow users to be automatically logged in.
==========================================
This module initialize the session by looking for the field HTTP_REMOTE_USER in
-the HEADER of the HTTP request and trying to bind the given value to a user
+the HEADER of the HTTP request and trying to bind the given value to a user.
This module must be loaded at startup; Add the *--load* parameter to the startup
command: ::
@@ -37,6 +37,31 @@ If the field is not found or no user matches the given one, it can lets the
system redirect to the login page (default) or issue a login error page
depending of the configuration.
+Use case.
+---------
+
+The module allows integration with external security systems that can pass along
+authentication of a user via Remote_User HTTP header field. In many cases, this
+is achieved via server like Apache HTTPD or nginx proxying Odoo.
+
+.. important:: When proxying your Odoo server with Apache or nginx, It's
+ important to filter out the Remote_User HTTP header field before your
+ request is processed by the proxy to avoid security issues. In apache you
+ can do it by using the RequestHeader directive in your VirtualHost
+ section ::
+
+
+ ServerName MY_VHOST.com
+ ProxyRequests Off
+ ...
+
+ RequestHeader unset Remote-User early
+ ProxyPass / http://127.0.0.1:8069/ retry=10
+ ProxyPassReverse / http://127.0.0.1:8069/
+ ProxyPreserveHost On
+
+
+
How to test the module with Apache [#]_
----------------------------------------
@@ -60,7 +85,7 @@ with the following content: ::
ProxyRequests Off
AuthType Basic
- AuthName "Test OpenErp auth_from_http_remote_user"
+ AuthName "Test Odoo auth_from_http_remote_user"
AuthBasicProvider file
AuthUserFile /etc/apache2/MY_VHOST.htpasswd
Require valid-user
@@ -71,6 +96,7 @@ with the following content: ::
RequestHeader set Remote-User "%{RU}e" env=RU
+ RequestHeader unset Remote-User early
ProxyPass / http://127.0.0.1:8069/ retry=10
ProxyPassReverse / http://127.0.0.1:8069/
ProxyPreserveHost On
@@ -79,9 +105,9 @@ with the following content: ::
.. important:: The *RequestHeader* directive is used to add the *Remote-User*
field in the http headers. By default an *'Http-'* prefix is added to the
field name.
- In OpenErp, header's fields name are normalized. As result of this
+ In Odoo, header's fields name are normalized. As result of this
normalization, the 'Http-Remote-User' is available as 'HTTP_REMOTE_USER'.
- If you don't know how your specified field is seen by OpenErp, run your
+ If you don't know how your specified field is seen by Odoo, run your
server in debug mode once the module is activated and look for an entry
like: ::
@@ -114,7 +140,7 @@ Finally reload the configuration: ::
$ sudo service apache2 reload
Open your browser and go to MY_VHOST.com. If everything is well configured, you
-are prompted for a login and password outside OpenErp and are automatically
+are prompted for a login and password outside Odoo and are automatically
logged in the system.
.. [#] Based on a ubuntu 12.04 env