OpenERP Custom Integration

From Swivel Knowledgebase
Jump to: navigation, search


Overview

This document outlines the steps required to integrate the OpenERP with Swivel using dual or single channel authentication.

The Swivel install requires configuring an agent on the Swivel server and setting up a shared secret with the code being added to OpenERP 7.0 server to allow communication for authentication.

Due to the complexity of OpenERP, several files need to be changed (or replaced) on the server, then recompiled. Integration with Swivel is made through Agent-XML.


NOTE: This document uses the files from version 7.0 of OpenERP, however, the principle is that either customized, or from another version, the functions should be similar, making integration easyer.

For an article specific for version OpenERP 7.0, please check article Open_ERP7_Integration


Prerequisites

OpenERP server (version 7.0 assumed in this example)

PINsafe server

Text Editor or Code editor

It is recommended to read the following Kowledgebase articles (to better understand how Swivel Agent-XM works):

https://kb.swivelsecure.com/wiki/index.php/Agent-XML

https://kb.swivelsecure.com/wiki/index.php/AuthenticationAPI]


Swivel Configuration

On the Swivel server configure the agent that is permitted to request authentication. On the Swivel Administration Console select from the server menu Agents and enter the details of the OpenERP IP address and a shared key, then click on apply. Example:

Name : OpenERP, 
Hostname/IP : 10.10.10.252, 
shared secret : secret

OpenERP7 1.png

If Single Channel communication is to be used, select from the Swivel Administration Console Single Channel, and set the Allow image request by username to Yes then click on apply.

OpenERP7 2.png


OpenERP User Authentication flow Integration

The Standard OpenERP User Authentication flow

OpenERP 1.png

The Swivel Integrated OpenERP User Authentication flow

OpenERP 2.png

Configuring the OpenERP Files

openerp/addons/web/static/src/xml/base.xml

Unchanged code in black

Added code in green

Changed code in orange

In this file we are transforming the form to support the Get TURing button and the OTC password field.

Search for the login form code, usually called “<t t-name="Login">” and place in line nr 61

OpenERP C1.png


openerp/addons/web/static/src/js/chrome.js

Unchanged code in black

Added code in green

Changed code in orange

In this file we will be adding the functions that support automation and control over the form displaying the TURing image and Get TURing button.

First we need to hide the TURing image and register the link from the Get TURing button to the respective function.

Search for the form initiation routine, usually called “ start: function() {” and place in line nr 640

OpenERP C2.png

Then we need to create the function. Find space right after the “on_db_failed: function” on lines 703 to 707.

Change the IP address on the example with your swivel appliance IP or domain name.

OpenERP C3.png

Finally, we need to change the functions that support the original form submit, so we can add OTC (called "password2" in this example).

Function “on_submit: function(ev)” should be immediately after your recently added function code, on line nr 715.

You will also update function “do_login”, placed immediately after “on_submit” function.


OpenERP C41.png


openerp/addons/web/static/src/js/coresetup.js

Unchanged code in black

Added code in green

Changed code in orange

In this file we will be adding the parameter “password2” to the function that creates the bridge between the user interface (in XML, javascript and jquery) and the OpenERP server core (in python).

Search for the “session_authenticate: function”, usualy place on line nr101

OpenERP C5.png


openerp/addons/web/controllers/main.py

Unchanged code in black

Added code in green

Changed code in orange

In this file we will be changing the OpenERP core authentication function, so that it calls the Swivel Secure server with a login function request, and then continues on the consideration of the reply given by swivel software.

First we need to add a library module to handle and parse the XML sent by the Swivel Agent-XML.

This is added in the very beginning of the code file.

OpenERP C6.png

Finally, we need to change the “def authenticate” function to handle the the new “password2” parameter, call the Swivel Server, parse the response and make decision based on the response.

The “def authenticate” function should start in line nr 857 or 858

Don't forget to change the server IP in the code by your own Swivel server IP or domain path and the "secret".

OpenERP C7.png

Pyhton 3.x changes

openerp/addons/web/controllers/main.py

Unchanged code in black

Added code in green

Changed code in orange

If running Python 3.0, then you have a call to the urllib module.

The urllib <http://docs.python.org/2/library/urllib.html#module-urllib> module has been split into parts and renamed in Python 3 to urllib.request, urllib.parse, and urllib.error.

This is shown in RED in the example from the changes to be done on file “openerp/addons/web/controllers/main.py”

Do not forget to change the IP an "secret" in the code by your own Swivel server IP or domain path.

OpenERP C8.png


Testing

Open a browser and point to http://yourserverip:8069

OpenERP7 3.png

After clicking the “request TURing” button, the swivel appliance log should show “127.0.0.1:Session started for user: admin.”

And this should be the result:

OpenERP7 4.png

Then after login, the swivel appliance log should read:

“OPENERP SERVER IP” OpenERP:Login successful for user: admin.


Error Messages

On OpenERP stack trace

"ImportError: No module named urllib.urlopen"

Please refer to the this article, section Python 3.0 changes.

On the Swivel Log

AgentXML request failed, error: The agent is not authorized to access the server

User fails to authenticate with the above error message in the Swivel log.

This means that an Agent on Swivel server has not been defined for the OpenERP server.

Go to Server/Agents in the PINsafe admin console, and add a new entry, using the IP address of the OpenERP server.

Make sure the agent secret is the same as on the OpenERP configuration.