* Landry BIAO <[hidden email]> [2019-12-16 00:42]:
> Hi everybody. I want to perform single sign-on for web applications
> (Alfresco and odoo) using shibboleth. But I can't do it.
Well, noone here is going to do it for you just because you "can't".
(With the possible exception of you hiring someone.)
From a technical standpoint it's not even clear what you're asking:
About integrating the Shibboleth SP software with those applications?
Or merely "using" a Shibboleth IDP (as an instance of any SAML IDP)
with SAML SP integrations that may exist for these applications
(possibly only as part of their "enterprise" versions)?
So fully aware that everything below will not be of much help to you
here's my take on these two applications -- not that anyone is going
to find that burried in a thread with the meaningless subject "SSO":
Alfresco claims support for SAML WebSSO:
https://docs.alfresco.com/sso/topics/saml.html though that seems rather limited (as usual).
So this seems like an excercise in following their documentation (to
extract their own requirements) and the documentation of the
Shibboleth IDP (on how to satisfy conctete technical requirements).
But Alfresco also has support for "external authentication"
https://docs.alfresco.com/5.2/concepts/auth-basics.html In conjunction with httpd and mod_proxy_ajp this should allow use of
the Shibboleth SP with Alfresco. (Which would certainly be my own
preference because I know how to use httpd and Shibboleth.)
That latter approach would allow use of Apache httpd as both TLS
terminator and web server, with uWSGI (which has a good httpd
integration via mod_proxy_uwsgi) or mod_wsgi as application servers
respectively. Both allow use of environment variables set by the
Shibboleth SP, though how Odoo can be made to accept/consume those
would require a closer look.