From 94057ffb4e30707ee5aba08c8d160d799a97ed7b Mon Sep 17 00:00:00 2001
From: Denis Leemann <denis.leemann@camptocamp.com>
Date: Tue, 15 Jun 2021 14:28:03 +0200
Subject: [PATCH] [ADD] auth_saml_enviroment

---
 auth_saml_environment/README.rst              | 118 +++++
 auth_saml_environment/__init__.py             |   2 +
 auth_saml_environment/__manifest__.py         |  20 +
 auth_saml_environment/controllers/__init__.py |   1 +
 auth_saml_environment/controllers/main.py     |  16 +
 auth_saml_environment/models/__init__.py      |   1 +
 .../models/auth_saml_provider.py              |  44 ++
 auth_saml_environment/readme/CONFIGURE.rst    |  18 +
 auth_saml_environment/readme/CONTRIBUTORS.rst |   2 +
 auth_saml_environment/readme/DESCRIPTION.rst  |   1 +
 auth_saml_environment/readme/INSTALL.rst      |   2 +
 auth_saml_environment/readme/ROADMAP.rst      |   2 +
 auth_saml_environment/readme/USAGE.rst        |   6 +
 .../static/description/index.html             | 448 ++++++++++++++++++
 auth_saml_environment/tests/__init__.py       |   1 +
 .../tests/test_environment_variable.py        |  35 ++
 .../views/saml_provider_view.xml              |  26 +
 oca_dependencies.txt                          |   1 +
 .../odoo/addons/auth_saml_environment         |   1 +
 setup/auth_saml_environment/setup.py          |   6 +
 20 files changed, 751 insertions(+)
 create mode 100644 auth_saml_environment/README.rst
 create mode 100644 auth_saml_environment/__init__.py
 create mode 100644 auth_saml_environment/__manifest__.py
 create mode 100644 auth_saml_environment/controllers/__init__.py
 create mode 100644 auth_saml_environment/controllers/main.py
 create mode 100644 auth_saml_environment/models/__init__.py
 create mode 100644 auth_saml_environment/models/auth_saml_provider.py
 create mode 100644 auth_saml_environment/readme/CONFIGURE.rst
 create mode 100644 auth_saml_environment/readme/CONTRIBUTORS.rst
 create mode 100644 auth_saml_environment/readme/DESCRIPTION.rst
 create mode 100644 auth_saml_environment/readme/INSTALL.rst
 create mode 100644 auth_saml_environment/readme/ROADMAP.rst
 create mode 100644 auth_saml_environment/readme/USAGE.rst
 create mode 100644 auth_saml_environment/static/description/index.html
 create mode 100644 auth_saml_environment/tests/__init__.py
 create mode 100644 auth_saml_environment/tests/test_environment_variable.py
 create mode 100644 auth_saml_environment/views/saml_provider_view.xml
 create mode 120000 setup/auth_saml_environment/odoo/addons/auth_saml_environment
 create mode 100644 setup/auth_saml_environment/setup.py

diff --git a/auth_saml_environment/README.rst b/auth_saml_environment/README.rst
new file mode 100644
index 0000000..93125a3
--- /dev/null
+++ b/auth_saml_environment/README.rst
@@ -0,0 +1,118 @@
+======================
+Auth SAML environement
+======================
+
+.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--env-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-env/tree/14.0/auth_saml_environment
+    :alt: OCA/server-env
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-env-14-0/server-env-14-0-auth_saml_environment
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runbot-Try%20me-875A7B.png
+    :target: https://runbot.odoo-community.org/runbot/254/14.0
+    :alt: Try me on Runbot
+
+|badge1| |badge2| |badge3| |badge4| |badge5| 
+
+This module allows to use server env for SAML configuration
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Installation
+============
+
+To install this module, you need to have the following modules installed and
+properly configured: `server_environment module` `auth_saml`
+
+Configuration
+=============
+
+To configure this module, you need to:
+
+Create a module server_environment_file with a cfg file or set the environment variable
+SERVER_ENV_CONFIG with the following section:
+
+[auth_saml_provider.<name>]
+
+Where <name> is optional and must be equal to the name field you defined in Odoo for the IDP.
+
+
+Example of configuration
+
+[auth_saml_provider.my_idp]
+
+idp_metadata=<...>
+sp_baseurl=https://odoo-community.org
+sp_pem_public_path=/data/cert.pem
+sp_pem_private_path=/data/key.pem
+
+Usage
+=====
+
+Once configured, Odoo will read the Auth SAML Providers values from the
+configuration.
+
+Note that visibility of login button for SAML is changed and differs from `auth_saml` module,
+instead of relying on which fields are filled or not, all providers will be displayed as long
+as their configuration in Odoo are set to active.
+
+Known issues / Roadmap
+======================
+
+* Due to the special nature of this addon, you cannot test it on the OCA
+  runbot.
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-env/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us smashing it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-env/issues/new?body=module:%20auth_saml_environment%0Aversion:%2014.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* Camptocamp SA
+
+Contributors
+~~~~~~~~~~~~
+
+* Denis Leemann <denis.leemann@camptocamp.com>
+* Yannick Vaucher <yannick.vaucher@camptocamp.com>
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/server-env <https://github.com/OCA/server-env/tree/14.0/auth_saml_environment>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
diff --git a/auth_saml_environment/__init__.py b/auth_saml_environment/__init__.py
new file mode 100644
index 0000000..f7209b1
--- /dev/null
+++ b/auth_saml_environment/__init__.py
@@ -0,0 +1,2 @@
+from . import models
+from . import controllers
diff --git a/auth_saml_environment/__manifest__.py b/auth_saml_environment/__manifest__.py
new file mode 100644
index 0000000..fc30a3b
--- /dev/null
+++ b/auth_saml_environment/__manifest__.py
@@ -0,0 +1,20 @@
+# Copyright 2021 Camptocamp SA (http://www.camptocamp.ch)
+# License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html
+
+{
+    "name": "Auth SAML environement",
+    "summary": "Allows system administrator to authenticate with any account",
+    "version": "14.0.1.0.0",
+    "category": "base",
+    "author": "Camptocamp SA,Odoo Community Association (OCA)",
+    "website": "https://github.com/OCA/server-env",
+    "license": "AGPL-3",
+    "depends": [
+        "auth_saml",
+        "server_environment",
+    ],
+    "data": [
+        "views/saml_provider_view.xml",
+    ],
+    "installable": True,
+}
diff --git a/auth_saml_environment/controllers/__init__.py b/auth_saml_environment/controllers/__init__.py
new file mode 100644
index 0000000..12a7e52
--- /dev/null
+++ b/auth_saml_environment/controllers/__init__.py
@@ -0,0 +1 @@
+from . import main
diff --git a/auth_saml_environment/controllers/main.py b/auth_saml_environment/controllers/main.py
new file mode 100644
index 0000000..3bed7b2
--- /dev/null
+++ b/auth_saml_environment/controllers/main.py
@@ -0,0 +1,16 @@
+# Copyright 2021 Camptocamp SA <https://www.camptocamp.com/>
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl)
+from odoo.addons.auth_saml.controllers.main import SAMLLogin
+
+
+class SAMLLoginEnv(SAMLLogin):
+    def _list_saml_providers_domain(self):
+        """OVERWRITE domain to return all active IDP
+
+        The configuration of an IDP doesn't rely anymore on
+        sp_pem_public and sp_pem_private as those could be
+        set through sp_pem_private_path and sp_pem_public_path.
+
+        Keeping it simple by relying only on the active field.
+        """
+        return []
diff --git a/auth_saml_environment/models/__init__.py b/auth_saml_environment/models/__init__.py
new file mode 100644
index 0000000..d7324d4
--- /dev/null
+++ b/auth_saml_environment/models/__init__.py
@@ -0,0 +1 @@
+from . import auth_saml_provider
diff --git a/auth_saml_environment/models/auth_saml_provider.py b/auth_saml_environment/models/auth_saml_provider.py
new file mode 100644
index 0000000..88883b3
--- /dev/null
+++ b/auth_saml_environment/models/auth_saml_provider.py
@@ -0,0 +1,44 @@
+# Copyright 2021 Camptocamp SA <https://www.camptocamp.com/>
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl)
+
+from odoo import api, fields, models
+
+
+class AuthSamlProvider(models.Model):
+    _name = "auth.saml.provider"
+    _inherit = ["auth.saml.provider", "server.env.mixin"]
+
+    sp_pem_public_path = fields.Char(
+        string="sp_pem_public_path env config value",
+    )
+
+    sp_pem_private_path = fields.Char(
+        string="sp_pem_private_path env config value",
+    )
+
+    @property
+    def _server_env_fields(self):
+        base_fields = super()._server_env_fields
+        auth_saml_fields = {
+            "idp_metadata": {},
+            "sp_baseurl": {},
+            "sp_pem_public_path": {},
+            "sp_pem_private_path": {},
+        }
+        auth_saml_fields.update(base_fields)
+        return auth_saml_fields
+
+    @api.model
+    def _server_env_global_section_name(self):
+        """Name of the global section in the configuration files
+        Can be customized in your model
+        """
+        return "auth_saml_provider"
+
+    def _get_cert_key_path(self, field="sp_pem_public"):
+        # If the setup is done in env, we want to bypass the base method
+        if self.sp_pem_public_path and field == "sp_pem_public":
+            return self.sp_pem_public_path
+        if self.sp_pem_private_path and field == "sp_pem_private":
+            return self.sp_pem_private_path
+        return super()._get_cert_key_path(field)
diff --git a/auth_saml_environment/readme/CONFIGURE.rst b/auth_saml_environment/readme/CONFIGURE.rst
new file mode 100644
index 0000000..d21de60
--- /dev/null
+++ b/auth_saml_environment/readme/CONFIGURE.rst
@@ -0,0 +1,18 @@
+To configure this module, you need to:
+
+Create a module server_environment_file with a cfg file or set the environment variable
+SERVER_ENV_CONFIG with the following section:
+
+[auth_saml_provider.<name>]
+
+Where <name> is optional and must be equal to the name field you defined in Odoo for the IDP.
+
+
+Example of configuration
+
+[auth_saml_provider.my_idp]
+
+idp_metadata=<...>
+sp_baseurl=https://odoo-community.org
+sp_pem_public_path=/data/cert.pem
+sp_pem_private_path=/data/key.pem
diff --git a/auth_saml_environment/readme/CONTRIBUTORS.rst b/auth_saml_environment/readme/CONTRIBUTORS.rst
new file mode 100644
index 0000000..99bb39f
--- /dev/null
+++ b/auth_saml_environment/readme/CONTRIBUTORS.rst
@@ -0,0 +1,2 @@
+* Denis Leemann <denis.leemann@camptocamp.com>
+* Yannick Vaucher <yannick.vaucher@camptocamp.com>
diff --git a/auth_saml_environment/readme/DESCRIPTION.rst b/auth_saml_environment/readme/DESCRIPTION.rst
new file mode 100644
index 0000000..8c7db20
--- /dev/null
+++ b/auth_saml_environment/readme/DESCRIPTION.rst
@@ -0,0 +1 @@
+This module allows to use server env for SAML configuration
diff --git a/auth_saml_environment/readme/INSTALL.rst b/auth_saml_environment/readme/INSTALL.rst
new file mode 100644
index 0000000..8e5864e
--- /dev/null
+++ b/auth_saml_environment/readme/INSTALL.rst
@@ -0,0 +1,2 @@
+To install this module, you need to have the following modules installed and
+properly configured: `server_environment module` `auth_saml`
diff --git a/auth_saml_environment/readme/ROADMAP.rst b/auth_saml_environment/readme/ROADMAP.rst
new file mode 100644
index 0000000..647e064
--- /dev/null
+++ b/auth_saml_environment/readme/ROADMAP.rst
@@ -0,0 +1,2 @@
+* Due to the special nature of this addon, you cannot test it on the OCA
+  runbot.
diff --git a/auth_saml_environment/readme/USAGE.rst b/auth_saml_environment/readme/USAGE.rst
new file mode 100644
index 0000000..dc77d18
--- /dev/null
+++ b/auth_saml_environment/readme/USAGE.rst
@@ -0,0 +1,6 @@
+Once configured, Odoo will read the Auth SAML Providers values from the
+configuration.
+
+Note that visibility of login button for SAML is changed and differs from `auth_saml` module,
+instead of relying on which fields are filled or not, all providers will be displayed as long
+as their configuration in Odoo are set to active.
diff --git a/auth_saml_environment/static/description/index.html b/auth_saml_environment/static/description/index.html
new file mode 100644
index 0000000..bb1d9ef
--- /dev/null
+++ b/auth_saml_environment/static/description/index.html
@@ -0,0 +1,448 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<meta name="generator" content="Docutils: http://docutils.sourceforge.net/" />
+<title>Auth SAML environement</title>
+<style type="text/css">
+
+/*
+:Author: David Goodger (goodger@python.org)
+:Id: $Id: html4css1.css 7952 2016-07-26 18:15:59Z milde $
+:Copyright: This stylesheet has been placed in the public domain.
+
+Default cascading style sheet for the HTML output of Docutils.
+
+See http://docutils.sf.net/docs/howto/html-stylesheets.html for how to
+customize this style sheet.
+*/
+
+/* used to remove borders from tables and images */
+.borderless, table.borderless td, table.borderless th {
+  border: 0 }
+
+table.borderless td, table.borderless th {
+  /* Override padding for "table.docutils td" with "! important".
+     The right padding separates the table cells. */
+  padding: 0 0.5em 0 0 ! important }
+
+.first {
+  /* Override more specific margin styles with "! important". */
+  margin-top: 0 ! important }
+
+.last, .with-subtitle {
+  margin-bottom: 0 ! important }
+
+.hidden {
+  display: none }
+
+.subscript {
+  vertical-align: sub;
+  font-size: smaller }
+
+.superscript {
+  vertical-align: super;
+  font-size: smaller }
+
+a.toc-backref {
+  text-decoration: none ;
+  color: black }
+
+blockquote.epigraph {
+  margin: 2em 5em ; }
+
+dl.docutils dd {
+  margin-bottom: 0.5em }
+
+object[type="image/svg+xml"], object[type="application/x-shockwave-flash"] {
+  overflow: hidden;
+}
+
+/* Uncomment (and remove this text!) to get bold-faced definition list terms
+dl.docutils dt {
+  font-weight: bold }
+*/
+
+div.abstract {
+  margin: 2em 5em }
+
+div.abstract p.topic-title {
+  font-weight: bold ;
+  text-align: center }
+
+div.admonition, div.attention, div.caution, div.danger, div.error,
+div.hint, div.important, div.note, div.tip, div.warning {
+  margin: 2em ;
+  border: medium outset ;
+  padding: 1em }
+
+div.admonition p.admonition-title, div.hint p.admonition-title,
+div.important p.admonition-title, div.note p.admonition-title,
+div.tip p.admonition-title {
+  font-weight: bold ;
+  font-family: sans-serif }
+
+div.attention p.admonition-title, div.caution p.admonition-title,
+div.danger p.admonition-title, div.error p.admonition-title,
+div.warning p.admonition-title, .code .error {
+  color: red ;
+  font-weight: bold ;
+  font-family: sans-serif }
+
+/* Uncomment (and remove this text!) to get reduced vertical space in
+   compound paragraphs.
+div.compound .compound-first, div.compound .compound-middle {
+  margin-bottom: 0.5em }
+
+div.compound .compound-last, div.compound .compound-middle {
+  margin-top: 0.5em }
+*/
+
+div.dedication {
+  margin: 2em 5em ;
+  text-align: center ;
+  font-style: italic }
+
+div.dedication p.topic-title {
+  font-weight: bold ;
+  font-style: normal }
+
+div.figure {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+div.footer, div.header {
+  clear: both;
+  font-size: smaller }
+
+div.line-block {
+  display: block ;
+  margin-top: 1em ;
+  margin-bottom: 1em }
+
+div.line-block div.line-block {
+  margin-top: 0 ;
+  margin-bottom: 0 ;
+  margin-left: 1.5em }
+
+div.sidebar {
+  margin: 0 0 0.5em 1em ;
+  border: medium outset ;
+  padding: 1em ;
+  background-color: #ffffee ;
+  width: 40% ;
+  float: right ;
+  clear: right }
+
+div.sidebar p.rubric {
+  font-family: sans-serif ;
+  font-size: medium }
+
+div.system-messages {
+  margin: 5em }
+
+div.system-messages h1 {
+  color: red }
+
+div.system-message {
+  border: medium outset ;
+  padding: 1em }
+
+div.system-message p.system-message-title {
+  color: red ;
+  font-weight: bold }
+
+div.topic {
+  margin: 2em }
+
+h1.section-subtitle, h2.section-subtitle, h3.section-subtitle,
+h4.section-subtitle, h5.section-subtitle, h6.section-subtitle {
+  margin-top: 0.4em }
+
+h1.title {
+  text-align: center }
+
+h2.subtitle {
+  text-align: center }
+
+hr.docutils {
+  width: 75% }
+
+img.align-left, .figure.align-left, object.align-left, table.align-left {
+  clear: left ;
+  float: left ;
+  margin-right: 1em }
+
+img.align-right, .figure.align-right, object.align-right, table.align-right {
+  clear: right ;
+  float: right ;
+  margin-left: 1em }
+
+img.align-center, .figure.align-center, object.align-center {
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+table.align-center {
+  margin-left: auto;
+  margin-right: auto;
+}
+
+.align-left {
+  text-align: left }
+
+.align-center {
+  clear: both ;
+  text-align: center }
+
+.align-right {
+  text-align: right }
+
+/* reset inner alignment in figures */
+div.align-right {
+  text-align: inherit }
+
+/* div.align-center * { */
+/*   text-align: left } */
+
+.align-top    {
+  vertical-align: top }
+
+.align-middle {
+  vertical-align: middle }
+
+.align-bottom {
+  vertical-align: bottom }
+
+ol.simple, ul.simple {
+  margin-bottom: 1em }
+
+ol.arabic {
+  list-style: decimal }
+
+ol.loweralpha {
+  list-style: lower-alpha }
+
+ol.upperalpha {
+  list-style: upper-alpha }
+
+ol.lowerroman {
+  list-style: lower-roman }
+
+ol.upperroman {
+  list-style: upper-roman }
+
+p.attribution {
+  text-align: right ;
+  margin-left: 50% }
+
+p.caption {
+  font-style: italic }
+
+p.credits {
+  font-style: italic ;
+  font-size: smaller }
+
+p.label {
+  white-space: nowrap }
+
+p.rubric {
+  font-weight: bold ;
+  font-size: larger ;
+  color: maroon ;
+  text-align: center }
+
+p.sidebar-title {
+  font-family: sans-serif ;
+  font-weight: bold ;
+  font-size: larger }
+
+p.sidebar-subtitle {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+p.topic-title {
+  font-weight: bold }
+
+pre.address {
+  margin-bottom: 0 ;
+  margin-top: 0 ;
+  font: inherit }
+
+pre.literal-block, pre.doctest-block, pre.math, pre.code {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+pre.code .ln { color: grey; } /* line numbers */
+pre.code, code { background-color: #eeeeee }
+pre.code .comment, code .comment { color: #5C6576 }
+pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
+pre.code .literal.string, code .literal.string { color: #0C5404 }
+pre.code .name.builtin, code .name.builtin { color: #352B84 }
+pre.code .deleted, code .deleted { background-color: #DEB0A1}
+pre.code .inserted, code .inserted { background-color: #A3D289}
+
+span.classifier {
+  font-family: sans-serif ;
+  font-style: oblique }
+
+span.classifier-delimiter {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+span.interpreted {
+  font-family: sans-serif }
+
+span.option {
+  white-space: nowrap }
+
+span.pre {
+  white-space: pre }
+
+span.problematic {
+  color: red }
+
+span.section-subtitle {
+  /* font-size relative to parent (h1..h6 element) */
+  font-size: 80% }
+
+table.citation {
+  border-left: solid 1px gray;
+  margin-left: 1px }
+
+table.docinfo {
+  margin: 2em 4em }
+
+table.docutils {
+  margin-top: 0.5em ;
+  margin-bottom: 0.5em }
+
+table.footnote {
+  border-left: solid 1px black;
+  margin-left: 1px }
+
+table.docutils td, table.docutils th,
+table.docinfo td, table.docinfo th {
+  padding-left: 0.5em ;
+  padding-right: 0.5em ;
+  vertical-align: top }
+
+table.docutils th.field-name, table.docinfo th.docinfo-name {
+  font-weight: bold ;
+  text-align: left ;
+  white-space: nowrap ;
+  padding-left: 0 }
+
+/* "booktabs" style (no vertical lines) */
+table.docutils.booktabs {
+  border: 0px;
+  border-top: 2px solid;
+  border-bottom: 2px solid;
+  border-collapse: collapse;
+}
+table.docutils.booktabs * {
+  border: 0px;
+}
+table.docutils.booktabs th {
+  border-bottom: thin solid;
+  text-align: left;
+}
+
+h1 tt.docutils, h2 tt.docutils, h3 tt.docutils,
+h4 tt.docutils, h5 tt.docutils, h6 tt.docutils {
+  font-size: 100% }
+
+ul.auto-toc {
+  list-style-type: none }
+
+</style>
+</head>
+<body>
+<div class="document" id="auth-saml-environement">
+<h1 class="title">Auth SAML environement</h1>
+
+<!-- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! This file is generated by oca-gen-addon-readme !!
+!! changes will be overwritten.                   !!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
+<p><a class="reference external" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external" href="https://github.com/OCA/server-env/tree/14.0/auth_saml_environment"><img alt="OCA/server-env" src="https://img.shields.io/badge/github-OCA%2Fserver--env-lightgray.png?logo=github" /></a> <a class="reference external" href="https://translation.odoo-community.org/projects/server-env-14-0/server-env-14-0-auth_saml_environment"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external" href="https://runbot.odoo-community.org/runbot/254/14.0"><img alt="Try me on Runbot" src="https://img.shields.io/badge/runbot-Try%20me-875A7B.png" /></a></p>
+<p>This module allows to use server env for saml configuration</p>
+<p><strong>Table of contents</strong></p>
+<div class="contents local topic" id="contents">
+<ul class="simple">
+<li><a class="reference internal" href="#installation" id="id1">Installation</a></li>
+<li><a class="reference internal" href="#configuration" id="id2">Configuration</a></li>
+<li><a class="reference internal" href="#usage" id="id3">Usage</a></li>
+<li><a class="reference internal" href="#known-issues-roadmap" id="id4">Known issues / Roadmap</a></li>
+<li><a class="reference internal" href="#bug-tracker" id="id5">Bug Tracker</a></li>
+<li><a class="reference internal" href="#credits" id="id6">Credits</a><ul>
+<li><a class="reference internal" href="#authors" id="id7">Authors</a></li>
+<li><a class="reference internal" href="#contributors" id="id8">Contributors</a></li>
+<li><a class="reference internal" href="#maintainers" id="id9">Maintainers</a></li>
+</ul>
+</li>
+</ul>
+</div>
+<div class="section" id="installation">
+<h1><a class="toc-backref" href="#id1">Installation</a></h1>
+<p>To install this module, you need to have the following modules installed and
+properly configured: <cite>server_environment module</cite> <cite>auth_saml</cite></p>
+</div>
+<div class="section" id="configuration">
+<h1><a class="toc-backref" href="#id2">Configuration</a></h1>
+<p>To configure this module, you need to:</p>
+<p>TODO</p>
+<p>Example of configuration</p>
+<p>TODO</p>
+</div>
+<div class="section" id="usage">
+<h1><a class="toc-backref" href="#id3">Usage</a></h1>
+<p>Once configured, Odoo will read the Auth SAML Providers values from the
+configuration.</p>
+</div>
+<div class="section" id="known-issues-roadmap">
+<h1><a class="toc-backref" href="#id4">Known issues / Roadmap</a></h1>
+<ul class="simple">
+<li>Due to the special nature of this addon, you cannot test it on the OCA
+runbot.</li>
+</ul>
+</div>
+<div class="section" id="bug-tracker">
+<h1><a class="toc-backref" href="#id5">Bug Tracker</a></h1>
+<p>Bugs are tracked on <a class="reference external" href="https://github.com/OCA/server-env/issues">GitHub Issues</a>.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us smashing it by providing a detailed and welcomed
+<a class="reference external" href="https://github.com/OCA/server-env/issues/new?body=module:%20auth_saml_environment%0Aversion:%2014.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
+<p>Do not contact contributors directly about support or help with technical issues.</p>
+</div>
+<div class="section" id="credits">
+<h1><a class="toc-backref" href="#id6">Credits</a></h1>
+<div class="section" id="authors">
+<h2><a class="toc-backref" href="#id7">Authors</a></h2>
+<ul class="simple">
+<li>Camptocamp SA</li>
+</ul>
+</div>
+<div class="section" id="contributors">
+<h2><a class="toc-backref" href="#id8">Contributors</a></h2>
+<ul class="simple">
+<li>Denis Leemann &lt;<a class="reference external" href="mailto:denis.leemann&#64;camptocamp.com">denis.leemann&#64;camptocamp.com</a>&gt;</li>
+<li>Yannick Vaucher &lt;<a class="reference external" href="mailto:yannick.vaucher&#64;camptocamp.com">yannick.vaucher&#64;camptocamp.com</a>&gt;</li>
+</ul>
+</div>
+<div class="section" id="maintainers">
+<h2><a class="toc-backref" href="#id9">Maintainers</a></h2>
+<p>This module is maintained by the OCA.</p>
+<a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
+<p>OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.</p>
+<p>This module is part of the <a class="reference external" href="https://github.com/OCA/server-env/tree/14.0/auth_saml_environment">OCA/server-env</a> project on GitHub.</p>
+<p>You are welcome to contribute. To learn how please visit <a class="reference external" href="https://odoo-community.org/page/Contribute">https://odoo-community.org/page/Contribute</a>.</p>
+</div>
+</div>
+</div>
+</body>
+</html>
diff --git a/auth_saml_environment/tests/__init__.py b/auth_saml_environment/tests/__init__.py
new file mode 100644
index 0000000..120bcdf
--- /dev/null
+++ b/auth_saml_environment/tests/__init__.py
@@ -0,0 +1 @@
+from . import test_environment_variable
diff --git a/auth_saml_environment/tests/test_environment_variable.py b/auth_saml_environment/tests/test_environment_variable.py
new file mode 100644
index 0000000..12600d2
--- /dev/null
+++ b/auth_saml_environment/tests/test_environment_variable.py
@@ -0,0 +1,35 @@
+# Copyright 2021 Camptocamp (https://www.camptocamp.com).
+# License GPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from unittest.mock import patch
+
+from odoo.tools.config import config as odoo_config
+
+from odoo.addons.server_environment import server_env
+from odoo.addons.server_environment.tests.common import ServerEnvironmentCase
+
+
+@patch.dict(odoo_config.options, {"running_env": "testing"})
+class TestEnvironmentVariables(ServerEnvironmentCase):
+    def test_env_variables(self):
+        env_var = (
+            "[auth_saml_provider.sample]\n"
+            "idp_metadata=foo\n"
+            "sp_baseurl=bar\n"
+            "sp_pem_public_path=file1.txt\n"
+            "sp_pem_private_path=file2.txt"
+        )
+        with self.set_config_dir(None), self.set_env_variables(env_var):
+            parser = server_env._load_config()
+            self.assertEqual(
+                list(parser.keys()), ["DEFAULT", "auth_saml_provider.sample"]
+            )
+            self.assertDictEqual(
+                dict(parser["auth_saml_provider.sample"].items()),
+                {
+                    "idp_metadata": "foo",
+                    "sp_baseurl": "bar",
+                    "sp_pem_public_path": "file1.txt",
+                    "sp_pem_private_path": "file2.txt",
+                },
+            )
diff --git a/auth_saml_environment/views/saml_provider_view.xml b/auth_saml_environment/views/saml_provider_view.xml
new file mode 100644
index 0000000..4c47d92
--- /dev/null
+++ b/auth_saml_environment/views/saml_provider_view.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<odoo>
+
+    <record id="view_saml_provider_form" model="ir.ui.view">
+        <field name="name">auth.saml.provider.form</field>
+        <field name="model">auth.saml.provider</field>
+        <field name="inherit_id" ref="auth_saml.view_saml_provider_form" />
+        <field name="arch" type="xml">
+            <xpath expr="//field[@name='sp_pem_public']/.." position="after">
+                <field name="sp_pem_public_path" />
+            </xpath>
+            <xpath expr="//field[@name='sp_pem_private']/.." position="after">
+                <field name="sp_pem_private_path" />
+            </xpath>
+
+            <field name="sp_pem_public" position="attributes">
+                <attribute name="readonly">1</attribute>
+            </field>
+            <field name="sp_pem_private" position="attributes">
+                <attribute name="readonly">1</attribute>
+            </field>
+
+        </field>
+    </record>
+
+</odoo>
diff --git a/oca_dependencies.txt b/oca_dependencies.txt
index ca3c726..3f3feb5 100644
--- a/oca_dependencies.txt
+++ b/oca_dependencies.txt
@@ -1 +1,2 @@
 # See https://github.com/OCA/odoo-community.org/blob/master/website/Contribution/CONTRIBUTING.rst#oca_dependencies-txt
+server-auth
diff --git a/setup/auth_saml_environment/odoo/addons/auth_saml_environment b/setup/auth_saml_environment/odoo/addons/auth_saml_environment
new file mode 120000
index 0000000..0c7e9ca
--- /dev/null
+++ b/setup/auth_saml_environment/odoo/addons/auth_saml_environment
@@ -0,0 +1 @@
+../../../../auth_saml_environment
\ No newline at end of file
diff --git a/setup/auth_saml_environment/setup.py b/setup/auth_saml_environment/setup.py
new file mode 100644
index 0000000..28c57bb
--- /dev/null
+++ b/setup/auth_saml_environment/setup.py
@@ -0,0 +1,6 @@
+import setuptools
+
+setuptools.setup(
+    setup_requires=['setuptools-odoo'],
+    odoo_addon=True,
+)