Hi,
We have an Odoo/OpenERP v7 installation on a Debian server which is working well since one year. It is acessible on internet via a URL like : https://<FQDN>:8071/ (I have set nginx to enable SSL access). and evrything works well with local authentication.
We are now starting to use Windows Azure Active Directory as our IdM/IdP (and enforced multifactor authentication). WAAD can be set as an OAUTH2 provider for any web application that support it, as it complies to OAuth 2.0 RFC 6749 (http://msdn.microsoft.com/en-us/library/azure/dn645545.aspx). So we would like to use it to authenticate user in our OpenERP environment.
I have :
- created an OpenERP application link (and id) in WAAD console with the following settings:
- Name : OpenERP
- Connection URL : https://<FQDN>:8071/auth_oauth/signin
- and a client ID has been generated by WAAD
- WAAD is also providing me a list of different 'termination point' URL :
- Federation metadata document
- WS-FEDERATION connection endpoint
- SAML-P login endpoint
- SAML-P logout endpoint
- WAAD Gaph API endpoint
- OAUTH2 token endpoint
- OAUTH2 Authorization endpoint
- enabled the oauth2 modules in OpenERP and
- created a new oauth2 provider in OpenERP with the following settings:
- Provider name: Windows Azure AD
- Client Id: [the one provided by WAAD]
- Allowed: enabled
- Authentication URL: the WAAD OAUTH2 Authorization endpoint URL
- Scope: empty, what should I provide here ?
- Validation URL: the WAAD OAUTH2 token endpoint URL
- Data URL: the WAAD Federation metadata document URL
When I go to the OpenERP login window, I do have now a link "Login with Azure AD", but when I click on it nothing happens. I am no redirected to any Windows Azure login window. And nothing is shown in the openerp.log file.
Could anybody help me on this setting ?
Thanks for your support,
Antoine.