Browse Source

Improve module description

pull/34/head
Laurent Mignon (aka lmi) 11 years ago
parent
commit
ec8f4a7292
  1. 36
      auth_from_http_remote_user/__openerp__.py

36
auth_from_http_remote_user/__openerp__.py

@ -27,7 +27,7 @@ Allow users to be automatically logged in.
==========================================
This module initialize the session by looking for the field HTTP_REMOTE_USER in
the HEADER of the HTTP request and trying to bind the given value to a user
the HEADER of the HTTP request and trying to bind the given value to a user.
This module must be loaded at startup; Add the *--load* parameter to the startup
command: ::
@ -37,6 +37,31 @@ If the field is not found or no user matches the given one, it can lets the
system redirect to the login page (default) or issue a login error page
depending of the configuration.
Use case.
---------
The module allows integration with external security systems that can pass along
authentication of a user via Remote_User HTTP header field. In many cases, this
is achieved via server like Apache HTTPD or nginx proxying Odoo.
.. important:: When proxying your Odoo server with Apache or nginx, It's
important to filter out the Remote_User HTTP header field before your
request is processed by the proxy to avoid security issues. In apache you
can do it by using the RequestHeader directive in your VirtualHost
section ::
<VirtualHost *:80>
ServerName MY_VHOST.com
ProxyRequests Off
...
RequestHeader unset Remote-User early
ProxyPass / http://127.0.0.1:8069/ retry=10
ProxyPassReverse / http://127.0.0.1:8069/
ProxyPreserveHost On
</VirtualHost>
How to test the module with Apache [#]_
----------------------------------------
@ -60,7 +85,7 @@ with the following content: ::
ProxyRequests Off
<Location />
AuthType Basic
AuthName "Test OpenErp auth_from_http_remote_user"
AuthName "Test Odoo auth_from_http_remote_user"
AuthBasicProvider file
AuthUserFile /etc/apache2/MY_VHOST.htpasswd
Require valid-user
@ -71,6 +96,7 @@ with the following content: ::
RequestHeader set Remote-User "%{RU}e" env=RU
</Location>
RequestHeader unset Remote-User early
ProxyPass / http://127.0.0.1:8069/ retry=10
ProxyPassReverse / http://127.0.0.1:8069/
ProxyPreserveHost On
@ -79,9 +105,9 @@ with the following content: ::
.. important:: The *RequestHeader* directive is used to add the *Remote-User*
field in the http headers. By default an *'Http-'* prefix is added to the
field name.
In OpenErp, header's fields name are normalized. As result of this
In Odoo, header's fields name are normalized. As result of this
normalization, the 'Http-Remote-User' is available as 'HTTP_REMOTE_USER'.
If you don't know how your specified field is seen by OpenErp, run your
If you don't know how your specified field is seen by Odoo, run your
server in debug mode once the module is activated and look for an entry
like: ::
@ -114,7 +140,7 @@ Finally reload the configuration: ::
$ sudo service apache2 reload
Open your browser and go to MY_VHOST.com. If everything is well configured, you
are prompted for a login and password outside OpenErp and are automatically
are prompted for a login and password outside Odoo and are automatically
logged in the system.
.. [#] Based on a ubuntu 12.04 env

Loading…
Cancel
Save