Odoo OAuth / OIDC Single Sign-On using KeyCloak as IDP

Configure secure Single Sign-On(SSO) login into Odoo with Keycloak using our Odoo OAuth Single Sign-On(SSO) module. The Odoo OAuth SSO plugin allows users to use their Keycloak credentials for a seamless Odoo Keycloak Login via SSO. Facilitating Keycloak SSO enables users to authenticate against their Keycloak credentials and securely access your Odoo site. This step-by-step setup guide will help you configure Keycloak as Identity Provider (IDP) and Odoo as Service Provider (SP) to achieve Keycloak Odoo SSO. To know more about other features we provide in Odoo OAuth Single Sign-On (SSO) plugin, you can click here.

Prerequisites: Download and Installation

• An Odoo installation on your environment.
• Installed miniOrange OAuth SSO module for Odoo.

Steps to configure KeyCloak as Identity Provider

Steps to configure KeyCloak

• Add Realm: Login to KeyCloak administration console and navigate to your desired realm. You can add new realm by selecting Create Realm option.

• Create realm: Enter Realm Name and keep the realm name handy as it will required later to configure the Realm under the OAuth Client plugin. Click on CREATE to add realm.

• Create OpenID client: Click on the Clients and choose Create Client to create a new client. Enter Client id and select client protocol openid-connect and Click Next.

• Enable the Client Authentication and Authorization toggle.

• Scroll down to the Access settings and enter your Callback/Redirect URL which you will get from your miniOrange plugin present on your Client side under the CallBack URLs text-field.

• Go to the Credentials tab, copy the Client Secret and keep it handy as we will require it later while configuring WordPress OAuth Single Sign-On plugin.

• Plugin Configuration: Enter copied Client Secret under Client secret field in the OAuth Client plugin, and enter the Client ID under the Client ID field.
• Add User: We need to add users to realm who will be able to access the resources of realm. Click on the Users and Click on Create new user to Add a new User.

• User Configuration: After user is created following action needs to be performed on it.
• Setting a password for it so click on Credentials and set a new Password for the user.

Configure the Odoo Application as Service Provider

• Navigate to Odoo Homepage and Click on the menu button.

• Click on miniOrange OAuth 2.0.

• Click on Create button to configure your OAuth Provider.

• You will see the following Screen.

• In General Configuration, fill in the name of the Identity Provider (eg, WordPress). You will also need to fill the following fields which you will get from your IdP.

Client ID:	as provided by keycloak
Client Secret:	as provided by keycloak
Scope:	email profile openid
Authorize Endpoint:	<keycloak domain>/auth/realms/{realm-name}/protocol/openid-connect/auth
Access Token Endpoint:	<keycloak domain>/auth/realms/{realm-name}/protocol/openid-connect/token
Get User Info Endpoint:	<keycloak domain>/auth/realms/{realm-name}/protocol/openid-connect/userinfo

• In the Attribute Mapping section, you can map the attributes from your IdP to users on the Odoo ERP system as desired.
• In the Mapping section, you can map the groups from IdP to your Odoo system. After filling in the required fields, you can click on the save button.

• We are done with setting up SSO using miniOrange OAuth SSO module for Odoo.

Test the configuration by following there steps

• Go to Odoo Login page. You will see an extra button with same name as configured in the module.

• Click on the button and you will be directed to you IdP login page. Enter your IdP credentials and click Login.
• After successful authentication, you will be logged into Odoo.

In this Guide, you have successfully configured miniOrange OAuth SSO module for Odoo to Login using Keycloak credentials. Now your users can log in into Odoo using your Keycloak IdP credentials.

Feel free to reach out to us at odoosupport@xecurify.com with your questions and queries.