Configure secure Single Sign-On(SSO) login into Odoo with WSO2 using our Odoo OAuth Single Sign-On (SSO) module. The Odoo OAuth SSO plugin allows users to use their WSO2 credentials for a seamless Odoo WSO2 Login via SSO. The WSO2 OAuth Odoo plugin also provides advanced SSO features like user profile attribute mapping, role mapping, and granting site access based on WSO2 user groups. You can also protect your complete Odoo behind SSO. WSO2 Odoo OAuth SSO plugin secures the user’s login process and improves user authentication authority. Follow the steps in the guide below to install this plugin.

Prerequisites: Download and Installation

• An Odoo installation on your environment.
• Installed miniOrange OAuth SSO module for Odoo.

Steps to configure Single Sign-On(SSO) login into Odoo with WSO2 as Identity Provider

Step 1: Configure WSO2 as Identity Provider

• First, let’s register this Consumer App in WSO2 IS. Download and start WSO2 IS.

• Once logged in, go to Main -> Service Provider and click on Add.

• Enter the Service Provider Name and Description and click on Register.

• Now go to the Service Provider->List and edit the Service Provider you have created.
• Scroll down and select Inbound Authentication Configuration and then select OAuth/OpenID Connect Configuration and click on Configure.

• Select the OAuth Version 2.0 and enter the Redirect/Callback URL which you will get from the Odoo OAuth Single Sign-On (SSO) plugin. Click on Add.

• When the app has been added, Client ID and Client Secret are generated for the application. Configure the Odoo OAuth SSO plugin with Client ID, Client Secret, Authentication and Access Token, Get User Info Endpoint of WSO2. Endpoints are provided at the bottom of this guide.

• Attribute Mapping: To get attributes from WSO2 you have to add following Claim URIs in your WSO2 application.
• Add User: We need to add users to realm who will be able to access the resources of realm. Click on the Users and Click on Create new user to Add a new User.
• Go to Service Provider->Claim Configuration.
• Select https://wso2.org/claims/emailaddress from Subject Claim URI dropdown.

• Add following URIs in Service Provider Claim Dialect: https://wso2.org/oidc/claim & https://wso2.org/claims

WSO2 Identity Server as an OAuth Provider is successfully configured from the above step for achieving WSO2 Single Sign-On (SSO) with WSO2 login credentials into your Odoo.

Step 2: Configure the Odoo Application as Service Provider

• Navigate to Odoo Homepage and Click on the menu button.

• Click on miniOrange OAuth 2.0.

• Click on Create button to configure your OAuth Provider.

• You will see the following Screen.

• In General Configuration, fill in the name of the Identity Provider (eg, WSO2). You will also need to fill the following fields which you will get from your IdP (Refer the below table).

Note: Once you create the WSO2 account, you'll find the domain Url and you will need to add the same in the below endpoints.




OAuth Provider Client ID :	provided by WSO2
OAuth Provider Client Secret:	Provided by WSO2
Scope:	openid
Authorize Endpoint:	https://<wso2-site-domain-name>/oauth2/auth
Access Token Endpoint:	https://<wso2-site-domain-name>/oauth2/token
Get User Info Endpoint:	https://<wso2-site-domain-name>/oauth2/userinfo

• In the Attribute Mapping section, you can map the attributes from your IdP to users on the Odoo ERP system as desired.
• In the Group Mapping section, you can map the groups from IdP to your Odoo system. After filling in the required fields, you can click on the save button.

• We are done with setting up SSO using miniOrange OAuth SSO module for Odoo.

Step 3: Test Configuration

• Go to Odoo Login page. You will see an extra button with same name as configured in the module.

• Click on the button and you will be directed to you IdP login page. Enter your IdP credentials and click Login.
• After successful authentication, you will be logged into Odoo.

Congratulations, you have successfully setup miniOrange OAuth SSO module for Odoo to login using WSO2 credentials. Now your users can log in into Odoo using your WSO2 IdP credentials.

Additional Resources

• keycloak Single Sign-On using Odoo OAuth .
• Okta Single Sign-On using Odoo OAuth