Connect Tryton to Gluu using oxd-server

I want to connect Tryton with Gluu using oxd-server, so that Tryton login authentication can be done by Gluu.

Note - I am working on version 5.0

Can anyone help me with how Tryton will communicate with oxd-server?

If I’m not mistaken, oxd-server is https://gluu.org/docs/oxd/

So I assume you want to develop a Tryton module to add an authentication method that uses oxd-server.

You could take a look at other modules providing alternate authentication:

So you want to implement OpenID or OAuth with Tryton?
The way OpenID is designed will require customization on the client side because the client needs to contact the identity provider for an identity token. It is probably doable by customizing the Login class of both clients.
But before starting, I think it is good to think about whether it is really useful. OpenID/OAuth are designed to delegate authentication to a third party, but is it really wanted for a business application where users are well known and must be given specific access/roles?

In the past I have played with python-saml2 but didn’t go any further because of time. The idea was to have SSO with Tryton. This was done with a webapp.
With SAML the user was able to log in without providing any information. First the webapp sends some background information (which your browser sends) to the (internal) Identity Provider. This checks the authenticity and age of the information. If everything is correct, the IdP sends back a go. Otherwise the system gets a no-go and the user should log in.
You can also think of a simpler system like Kerberos.

In the end, it would be nice to be able to use those kinds of mechanisms as they are more and more used in business applications.

The third party can be yourself. You can set up your own IdP. Take a look at FreeIPA, for example; they use Kerberos for their SSO service.

For me, it is doable as client plugins as-is. But if someone starts to work on such a plugin, we could improve the Login mechanism if he finds some needs.

Then you lose the main interest of those systems, which is not managing the authentication.

For OpenID or OAuth you are right, but there are (the bigger) companies and organizations who want to have one username and password for all their applications. Generally speaking, one place where the usernames and passwords live. OpenID or OAuth are the other way around, multiple places where the usernames and passwords live.
I think Tryton can support both. We are using the authentication_ldap module to have the username and password exactly the same as the login for Windows, email etc. It would be nice to have something where the user just presses <enter> without entering a password and is even able to log in because of a Kerberos ticket.

Yes, I want to develop a Tryton module to add an authentication method that uses oxd-server on the client side.

This is such a great conversation.

Actually, in my organisation users will use many different applications, so I need to centralize the authentication process.
I will set up Gluu on a server and Tryton will be set up on a different server.

So what customization needs to be done to establish the connection between Tryton and Gluu using oxd-server on the client side?

Why not use LDAP for that? Tryton already has a module that does authentication through LDAP.

As far as I know, I can’t implement SSO via LDAP.
And I also want to implement SSO; that’s why I am trying to set up oxd-server.

The current Tryton LDAP module is able to log you in with the same username and password as you used to log in to your system, for example. It can be a start but is indeed not SSO.
If you want to implement SSO just within your organization and you have a Linux server backend, I recommend using Kerberos. Eventually you can use LDAP as your username / password storage.

So the first thing I would do is to set up a working test system with Kerberos, eventually using FreeIPA, which does a LOT for you.
Then the next thing is to see whether it is possible to log into Tryton with the Kerberos ticket. You can read a bit more about Python and Kerberos at http://python-notes.curiousefficiency.org/en/latest/python_kerberos.html.