Hi,
I finally managed to set up oauth2 with WAAD as a provider on an OpenERP v7 server under Linux Debian 7. Here is my setup:
- created an OpenERP application link (and id) in the WAAD console with the following settings:
  - Name: OpenERP
  - Connection URL: http://<FQDN>:8069/
  - and a client ID has been generated by WAAD
  - Mutualized application: No
  - Application URI: http://<FQDN>:8069/auth_oauth/signin
  - Answer/response URL: http://<FQDN>:8069/
- enabled the oauth2 modules in OpenERP and
- created a new oauth2 provider in OpenERP with the following settings:
  - Provider name: Windows Azure AD
  - Client Id: [the one provided by WAAD]
  - Allowed: enabled
  - Authentication URL: https://login.windows.net/common/oauth2/authorize
  - Scope: empty
  - Validation URL: https://login.windows.net/common/oauth2/token
  - Data URL: empty
- created a user with the same "Connection" name as the one set up in WAAD (which is the user's email)

On the OpenERP login screen, I have the Windows Azure AD login button. I click on it and I am redirected to the Azure AD authentication window. After authentication is performed by Azure AD, I am redirected to OpenERP with an "unsupported response type" error.

In the log file I can see the traceback:
2015-03-04 11:36:17,348 32767 INFO MyOEDB openerp.addons.document_webdav.webdav_server: WebDAV service registered at path: /webdav/
2015-03-04 11:36:18,191 32767 INFO MyOEDB openerp.modules.loading: Modules loaded.
2015-03-04 11:36:18,269 32767 INFO MyOEDB werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:18] "GET / HTTP/1.1" 200 -
2015-03-04 11:36:18,413 32767 INFO ? werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:18] "GET /web/static/src/css/full.css HTTP/1.1" 200 -
2015-03-04 11:36:18,561 32767 INFO MyOEDB werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:18] "GET /web/webclient/css?db=MyOEDB HTTP/1.1" 200 -
2015-03-04 11:36:19,974 32767 INFO MyOEDB werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:19] "GET /web/webclient/js?db=MyOEDB HTTP/1.1" 200 -
2015-03-04 11:36:20,746 32767 INFO ? werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:20] "POST /web/session/get_session_info HTTP/1.1" 200 -
2015-03-04 11:36:20,811 32767 INFO ? werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:20] "POST /web/webclient/qweblist HTTP/1.1" 200 -
2015-03-04 11:36:20,829 32767 INFO ? werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:20] "GET /web/static/src/img/favicon.ico HTTP/1.1" 404 -
2015-03-04 11:36:20,908 32767 INFO ? werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:20] "POST /web/webclient/bootstrap_translations HTTP/1.1" 200 -
2015-03-04 11:36:21,043 32767 INFO ? werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:21] "POST /web/proxy/load HTTP/1.1" 200 -
2015-03-04 11:36:21,264 32767 INFO ? werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:21] "GET /web/binary/company_logo?session_id=c0b4e4e4bd1a4e4e93f4db25aaa2d8e7 HTTP/1.1" 200 -
2015-03-04 11:36:21,270 32767 INFO ? werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:21] "GET /web/static/src/img/logo2.png HTTP/1.1" 200 -
2015-03-04 11:36:21,285 32767 INFO ? werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:21] "POST /web/database/get_list HTTP/1.1" 200 -
2015-03-04 11:36:21,341 32767 INFO MyOEDB werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:21] "POST /auth_oauth/list_providers HTTP/1.1" 200 -
2015-03-04 11:36:51,525 32767 INFO ? werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:51] "GET /auth_oauth/signin HTTP/1.1" 200 -
2015-03-04 11:36:51,671 32767 INFO ? werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:51] "GET /favicon.ico HTTP/1.1" 404 -
2015-03-04 11:36:52,031 32767 ERROR MyOEDB openerp.addons.auth_oauth.controllers.main: OAuth2: No JSON object could be decoded: line 4 column 1 (char 6)
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/openerp/addons/auth_oauth/controllers/main.py", line 65, in signin
credentials = u.auth_oauth(cr, SUPERUSER_ID, provider, kw, context=context)
File "/usr/lib/python2.7/dist-packages/openerp/addons/auth_oauth/res_users.py", line 74, in auth_oauth
validation = self._auth_oauth_validate(cr, uid, provider, access_token)
File "/usr/lib/python2.7/dist-packages/openerp/addons/auth_oauth/res_users.py", line 40, in _auth_oauth_validate
validation = self._auth_oauth_rpc(cr, uid, p.validation_endpoint, access_token)
File "/usr/lib/python2.7/dist-packages/openerp/addons/auth_oauth/res_users.py", line 35, in _auth_oauth_rpc
return simplejson.loads(response)
File "/usr/lib/python2.7/dist-packages/simplejson/__init__.py", line 451, in loads
return _default_decoder.decode(s)
File "/usr/lib/python2.7/dist-packages/simplejson/decoder.py", line 402, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib/python2.7/dist-packages/simplejson/decoder.py", line 420, in raw_decode
raise JSONDecodeError("No JSON object could be decoded", s, idx)
JSONDecodeError: No JSON object could be decoded: line 4 column 1 (char 6)
2015-03-04 11:36:52,041 32767 INFO MyOEDB werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:52] "GET /auth_oauth/signin?error=unsupported_response_type&error_description=AADSTS70005%3a+response_type+%27token%27+is+not+supported+for+the+application%0d%0aTrace+ID%3a+13b6be00-a757-4b15-80c1-d8d340d0ec2a%0d%0aCorrelation+ID%3a+e34338b0-a330-4f54-a713-b029e1bcbbd4%0d%0aTimestamp%3a+2015-03-04+11%3a36%3a52Z&state=%7b%22d%22%3a%22MyOEDB%22%2c%22p%22%3a4%7d HTTP/1.1" 303 -
2015-03-04 11:36:52,144 32767 INFO MyOEDB werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:52] "GET / HTTP/1.1" 200 -
2015-03-04 11:36:52,395 32767 INFO MyOEDB werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:52] "GET /web/webclient/css?db=MyOEDB HTTP/1.1" 304 -
2015-03-04 11:36:52,455 32767 INFO MyOEDB werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:52] "GET /web/webclient/js?db=MyOEDB HTTP/1.1" 200 -
2015-03-04 11:36:53,233 32767 INFO ? werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:53] "POST /web/session/get_session_info HTTP/1.1" 200 -
2015-03-04 11:36:53,295 32767 INFO ? werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:53] "POST /web/webclient/qweblist HTTP/1.1" 200 -
2015-03-04 11:36:53,368 32767 INFO ? werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:53] "POST /web/webclient/bootstrap_translations HTTP/1.1" 200 -
2015-03-04 11:36:53,491 32767 INFO ? werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:53] "POST /web/proxy/load HTTP/1.1" 200 -
2015-03-04 11:36:53,683 32767 INFO ? werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:53] "GET /web/binary/company_logo?session_id=7e87e7de8f104f55aff943523ceacd89 HTTP/1.1" 200 -
2015-03-04 11:36:53,720 32767 INFO ? werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:53] "GET /web/static/lib/jquery.ui.bootstrap/css/custom-theme/images/ui-icons_f6cf3b_256x240.png HTTP/1.1" 200 -
2015-03-04 11:36:53,724 32767 INFO ? werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:53] "POST /web/database/get_list HTTP/1.1" 200 -
2015-03-04 11:36:53,817 32767 INFO MyOEDB werkzeug: 109.190.121.129 - - [04/Mar/2015 11:36:53] "POST /auth_oauth/list_providers HTTP/1.1" 200 -
So it seems that I am facing a JSON decode issue. Can someone help me modify the oauth module to support this?

Thanks for your support.
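
Added example (not part of the original post and not OpenERP code): a Python 3 script that decodes the OAuth callback recorded in the access log above, showing the provider's error text, the `state` value and whether an `access_token` was present. The function name `oauth_callback_errors` and the shortened sample lines are constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: two request lines modelled on the log above; the second
# is shortened (Trace ID and Correlation ID dropped from error_description).
SAMPLE_LOG = [
    '2015-03-04 11:36:51,525 32767 INFO ? werkzeug: 109.190.121.129 - - '
    '[04/Mar/2015 11:36:51] "GET /auth_oauth/signin HTTP/1.1" 200 -',
    '2015-03-04 11:36:52,041 32767 INFO MyOEDB werkzeug: 109.190.121.129 - - '
    '[04/Mar/2015 11:36:52] "GET /auth_oauth/signin?error=unsupported_response_type'
    '&error_description=AADSTS70005%3a+response_type+%27token%27+is+not+supported'
    '+for+the+application%0d%0aTimestamp%3a+2015-03-04+11%3a36%3a52Z'
    '&state=%7b%22d%22%3a%22MyOEDB%22%2c%22p%22%3a4%7d HTTP/1.1" 303 -',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def oauth_callback_errors(lines, callback_path="/auth_oauth/signin"):
    """Return decoded OAuth error callbacks found in werkzeug access-log lines."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if target.path != callback_path:
            continue
        # parse_qs undoes both the %xx escapes and the '+' used for spaces
        params = {k: v[0] for k, v in parse_qs(target.query).items()}
        if "error" not in params:
            continue
        try:
            state = json.loads(params.get("state", "null"))
        except ValueError:
            state = None  # state did not come back as valid JSON
        description = params.get("error_description", "").splitlines()
        findings.append({
            "status": int(match.group(2)),
            "error": params["error"],
            "description": description[0] if description else "",
            "state": state,
            "has_access_token": "access_token" in params,
        })
    return findings


if __name__ == "__main__":
    for finding in oauth_callback_errors(SAMPLE_LOG):
        print(finding)
```

On the sample, the decoded description reads `AADSTS70005: response_type 'token' is not supported for the application`, and the callback carries no `access_token` parameter.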