[19.0][MIG] auth_saml: Migration to 19.0

Author: michotm

auth_saml/README.rst

@@ -0,0 +1,197 @@
+.. image:: https://odoo-community.org/readme-banner-image
+   :target: https://odoo-community.org/get-involved?utm_source=readme
+   :alt: Odoo Community Association
+
+====================
+SAML2 Authentication
+====================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:3e5b3bb4044a255d619b8bda0861d58722133ab48366ffd2c2f88c8fbdcc0a5c
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/license-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-auth/tree/19.0/auth_saml
+    :alt: OCA/server-auth
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-auth-19-0/server-auth-19-0-auth_saml
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=19.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+Let users log into Odoo via an SAML2 identity provider.
+
+This module allows to deport the management of users and passwords in an
+external authentication system to provide SSO functionality (Single Sign
+On) between Odoo and other applications of your ecosystem.
+
+**Benefits**:
+
+- Reducing the time spent typing different passwords for different
+  accounts.
+- Reducing the time spent in IT support for password oversights.
+- Centralizing authentication systems.
+- Securing all input levels / exit / access to multiple systems without
+  prompting users.
+- The centralization of access control information for compliance
+  testing to different standards.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Installation
+============
+
+This addon requires the python module ``pysaml2``.
+
+``pysaml2`` requires the binary ``xmlsec1`` (on Debian or Ubuntu you can
+install it with ``apt-get install xmlsec1``)
+
+Configuration
+=============
+
+To use this module, you need an IDP server, properly set up.
+
+1. Configure the module according to your IdP’s instructions (Settings >
+   Users & Companies > SAML Providers).
+2. Pre-create your users and set the SAML information against the user.
+
+By default, the module let users have both a password and SAML ids. To
+increase security, disable passwords by using the option in Settings.
+Note that the admin account can still have a password, even if the
+option is activated. Setting the option immediately remove all password
+from users with a configured SAML ids.
+
+If all the users have a SAML id in a single provider, you can set
+automatic redirection in the provider settings. The autoredirection will
+only be done on the active provider with the highest priority. It is
+still possible to access the login without redirection by using the
+query parameter ``disable_autoredirect``, as in
+``https://example.com/web/login?disable_autoredirect=`` The login is
+also displayed if there is an error with SAML login, in order to display
+any error message.
+
+If you are using Office365 as identity provider, set up the federation
+metadata document rather than the document itself. This will allow the
+module to refresh the document when needed.
+
+Usage
+=====
+
+Users can login with the configured SAML IdP with buttons added in the
+login screen.
+
+Known issues / Roadmap
+======================
+
+- clean up ``auth_saml.request``
+
+Changelog
+=========
+
+18.0.1.0.3 (2025-09-11)
+-----------------------
+
+Features
+~~~~~~~~
+
+- When using attribute mapping, only write value that changes. Not
+  writing the value systematically avoids getting security mail on
+  login/email when there is no real change.
+
+18.0.1.0.2 (2025-05-13)
+-----------------------
+
+Bugfixes
+~~~~~~~~
+
+- Avoid redirecting when there is a SAML error.
+
+18.0.1.0.0
+----------
+
+Initial migration for 18.0.
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20auth_saml%0Aversion:%2019.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+-------
+
+* XCG Consulting
+
+Contributors
+------------
+
+- `XCG Consulting <https://xcg-consulting.fr/>`__:
+
+  - Florent Aide <florent.aide@xcg-consulting.fr>
+  - Vincent Hatakeyama <vincent.hatakeyama@xcg-consulting.fr>
+  - Alexandre Brun
+  - Houzéfa Abbasbhay <houzefa.abba@xcg-consulting.fr>
+  - Szeka Wong <szeka.wong@xcg-consulting.fr>
+
+- Jeremy Co Kim Len <jeremy.cokimlen@vinci-concessions.com>
+- Jeffery Chen Fan <jeffery9@gmail.com>
+- Bhavesh Odedra <bodedra@opensourceintegrators.com>
+- `Tecnativa <https://www.tecnativa.com/>`__:
+
+  - Jairo Llopis
+
+- `GlodoUK <https://www.glodo.uk/>`__:
+
+  - Karl Southern
+
+- `TAKOBI <https://takobi.online/>`__:
+
+  - Lorenzo Battistini
+
+Maintainers
+-----------
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+.. |maintainer-vincent-hatakeyama| image:: https://github.com/vincent-hatakeyama.png?size=40px
+    :target: https://github.com/vincent-hatakeyama
+    :alt: vincent-hatakeyama
+
+Current `maintainer <https://odoo-community.org/page/maintainer-role>`__:
+
+|maintainer-vincent-hatakeyama| 
+
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/19.0/auth_saml>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

auth_saml/__init__.py

@@ -0,0 +1 @@
+from . import controllers, models, wizards

auth_saml/__manifest__.py

@@ -0,0 +1,34 @@
+# Copyright (C) 2020 GlodoUK <https://www.glodo.uk/>
+# Copyright (C) 2010-2016, 2022 XCG Consulting <http://odoo.consulting>
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+{
+    "name": "SAML2 Authentication",
+    "version": "19.0.0.0.1",
+    "category": "Tools",
+    "author": "XCG Consulting, Odoo Community Association (OCA)",
+    "maintainers": ["vincent-hatakeyama"],
+    "website": "https://github.com/OCA/server-auth",
+    "license": "AGPL-3",
+    "depends": [
+        "base_setup",
+        "web",
+    ],
+    "external_dependencies": {
+        "python": ["pysaml2", "responses"],
+        "bin": ["xmlsec1"],
+        # special definition used by OCA to install packages
+        "deb": ["xmlsec1"],
+    },
+    "demo": [],
+    "data": [
+        "data/ir_config_parameter.xml",
+        "security/ir.model.access.csv",
+        "views/auth_saml.xml",
+        "views/res_config_settings.xml",
+        "views/res_users.xml",
+    ],
+    "installable": True,
+    "auto_install": False,
+    "development_status": "Beta",
+}

auth_saml/controllers/__init__.py

@@ -0,0 +1,3 @@
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from . import main