Support for REMOTE_USER authentication


I’m new to Tryton and currently deploying my first test environment. I understand that there are native and web clients.

I’m wondering if it’s possible to have a web server in front of the trytond process, configured as a reverse proxy that solves authentication and defines a variable (usually REMOTE_USER) I could use for Tryton user authentication. The aim would be to reuse credentials and the users don’t need to remember yet another password.

My specific use case would be using Gmail accounts, for example (browser handling OIDC), but it can work for anything that the web server with external modules can handle (Kerberos, SAML2, OIDC, etc.).


Tryton was not really designed for such usage. It is based on the Authorization header, which could be user/password or a session. But also the user id depends on the database used (as Tryton is multi-database).
So if you can manage to have the proxy retrieve the right user id and create a session in the database table ir_session, then you can fill the Authorization header.

But indeed it is probably simpler to use the authentication_saml module or to write one that supports your preferred protocol (as long as it is web based, it should not be difficult).

I think that GApps can also provide SAML2. Will look into it, thanks!