Place upper bound in cryptography indirect dependency

auth_saml/__manifest__.py

@@ -11,7 +11,14 @@
     "license": "AGPL-3",
     "depends": ["base_setup"],
     "external_dependencies": {
-        "python": ["pysaml2"],
+        # Place an upper bound on cryptography version to be compatible with
+        # pyopenssl 19 mentioned in Odoo 15's requirements.txt. If we don't do
+        # this, installing this module will try to upgrade cryptography to the latest
+        # version because the minimum required version in pysaml2 (>=3.1) is greater than
+        # version 2.6 (from Odoo's requirement.txt). Since cryptography/pyopenssl don't
+        # declare minimum supported versions, this lead to inconsistencies.
+        # https://github.com/OCA/server-auth/issues/424
+        "python": ["pysaml2", "cryptography<37"],
         "bin": ["xmlsec1"],
         # special definition used by OCA to install packages
         "deb": ["xmlsec1"],

requirements.txt

@@ -1,2 +1,3 @@
 # generated from manifests external_dependencies
+cryptography<37
 pysaml2