I would like to authenticate into Odoo via xmlrpc but as a SSO kind of implementation. The credentials of the users will be the same in both Odoo and PHP, so basically there will be a redirection to Odoo from the php system when the user is logged in there. The thing is since the passwords are hashed at both the PHP and Odoo side, there is no way to pass the password from php to odoo. I know that authentication can be done if the username and password is passed, but this isnt the case here, so is there any way to implement an SSO for the above scenario?
Thanks And Regards,
Yaseen Shareef
Odoo supports other authentication mechanisms than local passwords, out-of-the-box:
auth_ldap module. It requires an external LDAP service, such as openldap or a Microsoft Active Directory. It works at the XML-RPC level as well, because it is a password-based mechanism.auth_oauth module. It requires an external OAuth2 provider, such as Google or Facebook accounts. This does not work transparently at the XML-RPC level, because it is not strictly password-based. You need to do the OAuth authentication of an HTTP session first, and then you can use the JSON-RPC API to remotely access Odoo as you would with XML-RPC.auth_openid module. This requires an external OpenID service, but has been deprecated as of Odoo 9 in favor of the equivalent OAuth services. Similarly to OAuth, it is not password-based so it will not work at the XML-RPC level directly.The Odoo API is fully accessible through either XML-RPC or JSON-RPC, these are strictly equivalent. There are RPC libraries for each in most languages, and popular languages often have dedicated Odoo RPC libraries.
You can easily achieve SSO on Odoo and your PHP application by using one of these external authentication mechanisms, as there are PHP libraries for each of them. You just need to choose a suitable provider for your case.
In addition third-party community modules exist for other authentication mechanism (look here for starters). For example, for version 7.0 there was a module that would authenticate in Odoo based on the HTTP Basic authentication (auth_from_http_basic), allowing for SSO based on the web server' pluggable authentication. I don't think it was ported for version 8, but you can perhaps contact the authors and help get it done.