
Authentication

(>= EZP 5.3, >= EZP Community 2014.01)


Version compatibility

This documentation page is compatible with eZ Publish 5.3 / 2014.01

Prior to these versions, authentication was done through the legacy stack only, using the venerable user/login module with the help of a PreAuthenticatedProvider.

Authentication using Symfony Security component

The native, universal form_login is used in conjunction with an extended DaoAuthenticationProvider (DAO stands for Data Access Object), the RepositoryAuthenticationProvider. The native behavior of DaoAuthenticationProvider has been preserved, so it can still be used for pure Symfony applications.

Security controller

SecurityController manages all security-related actions and is therefore used to display the login form. It is straightforward and follows the standards explained in the Symfony security documentation.

The base template used is EzPublishCoreBundle:Security:login.html.twig and reads as follows:

{% extends layout %}

{% block content %}
    {% block login_content %}
        {% if error %}
            <div>{{ error.message|trans }}</div>
        {% endif %}

        <form action="{{ path( 'login_check' ) }}" method="post">
        {% block login_fields %}
            <label for="username">{{ 'Username:'|trans }}</label>
            <input type="text" id="username" name="_username" value="{{ last_username }}" />

            <label for="password">{{ 'Password:'|trans }}</label>
            <input type="password" id="password" name="_password" />

            <input type="hidden" name="_csrf_token" value="{{ csrf_token }}" />

            {#
                If you want to control the URL the user
                is redirected to on success (more details below)
                <input type="hidden" name="_target_path" value="/account" />
            #}

            <button type="submit">{{ 'Login'|trans }}</button>
        {% endblock %}
        </form>
    {% endblock %}
{% endblock %}

The layout used by default is %ezpublish.content_view.viewbase_layout% (an empty layout), but it can easily be configured, as can the login template:

ezpublish.yml
ezpublish:
    system:
        my_siteaccess:
            user:
                layout: "AcmeTestBundle::layout.html.twig"
                login_template: "AcmeTestBundle:User:login.html.twig"

Redirection after login

By default, Symfony redirects to the URI configured in security.yml as default_target_path. If not set, it will default to /.

This setting can be set per SiteAccess, via the default_page setting.

Configuration

To use Symfony authentication with eZ Publish, the configuration goes as follows:

ezpublish/config/security.yml
security:
    firewalls:
        ezpublish_front:
            pattern: ^/
            anonymous: ~
            form_login:
                require_previous_session: false
            logout: ~
ezpublish/config/routing.yml
login:
    path:   /login
    defaults:  { _controller: ezpublish.security.controller:loginAction }
login_check:
    path:   /login_check
logout:
    path:   /logout

Note

You can fully customize the routes and/or the controller used for login. However, make sure they match login_path, check_path and logout.path from security.yml.

See the security configuration reference and the standard login form documentation.
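
The matching rule from the note above and the two redirect settings, shown together as an added example (not part of the original documentation). The /members paths and the default_page value are constructed; my_siteaccess is the SiteAccess name used earlier on this page.

```yaml
# ezpublish/config/routing.yml (the /members paths are constructed for this example)
login:
    path: /members/login
    defaults: { _controller: ezpublish.security.controller:loginAction }
login_check:
    path: /members/login_check
logout:
    path: /members/logout

# ezpublish/config/security.yml
security:
    firewalls:
        ezpublish_front:
            pattern: ^/
            anonymous: ~
            form_login:
                require_previous_session: false
                # Must equal the path of the "login" route above.
                login_path: /members/login
                # Must equal the path of the "login_check" route; the login
                # form posts here and the firewall handles the request.
                check_path: /members/login_check
                # Symfony's own redirect target; defaults to / when omitted.
                default_target_path: /
            logout:
                # Must equal the path of the "logout" route.
                path: /members/logout

# ezpublish/config/ezpublish.yml
ezpublish:
    system:
        my_siteaccess:
            # Redirect target after login for this SiteAccess (constructed value).
            default_page: "/members/home"
```

The route names stay login, login_check and logout, so path( 'login_check' ) in the login template keeps working after the paths change.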

 

Access control

See the documentation on access control.

Remember me

It is possible to use the remember_me functionality. For this you can refer to the Symfony cookbook on this topic.

If you want to use this feature, you must at least extend the login template in order to add the required checkbox:

{# your_login_template.html.twig #}
{% extends "EzPublishCoreBundle:Security:login.html.twig" %}

{% block login_fields %}
    {{ parent() }}
    <input type="checkbox" id="remember_me" name="_remember_me" checked />
    <label for="remember_me">Keep me logged in</label>
{% endblock %}
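
The checkbox only takes effect once the firewall has a remember_me entry. The following is an added example (not part of the original documentation) of such an entry in the firewall shown on this page, using standard Symfony options. It assumes a Symfony 2.3 to 2.7 stack and a site served over HTTPS; the lifetime is a constructed value.

```yaml
# ezpublish/config/security.yml
security:
    firewalls:
        ezpublish_front:
            pattern: ^/
            anonymous: ~
            form_login:
                require_previous_session: false
            remember_me:
                # Secret used to sign the cookie. "key" is the option name in
                # Symfony 2.3 to 2.7; later releases renamed it to "secret".
                key: "%secret%"
                # Cookie lifetime in seconds (constructed value: 14 days).
                lifetime: 1209600
                path: /
                # Send the cookie over HTTPS only and keep it out of reach
                # of JavaScript.
                secure: true
                httponly: true
                # Default parameter name; matches the checkbox name used in
                # the login template above.
                remember_me_parameter: _remember_me
            logout: ~
```

Dropping the checked attribute from the checkbox makes the persistent cookie opt-in rather than the default.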

Login handlers / SSO

Symfony provides native support for multiple user providers. This makes it easy to integrate any kind of login handlers, including SSO and existing 3rd party bundles (e.g. FR3DLdapBundle, HWIOauthBundle, FOSUserBundle, BeSimpleSsoAuthBundle...).

Further explanation can be found in the multiple user providers cookbook entry.

Integration with Legacy
  • When not in legacy mode, the legacy user/login and user/logout views are deactivated.
  • The authenticated user is injected into the legacy kernel.

Authentication with Legacy SSO Handlers

To be able to use your legacy SSO (Single Sign-on) handlers, use the following config in your ezpublish/config/security.yml:

Use your legacy SSO handlers
security:
    firewalls:
        ezpublish_front:
            pattern: ^/
            anonymous: ~
            # Adding the following entry will activate the use of old SSO handlers.
            ezpublish_legacy_sso: ~

Upgrade notes

Follow the notes below if you upgrade from 5.2 to 5.3 / 2013.11 to 2014.01.

Before:

<a href="{{ path( 'ez_legacy', {'module_uri': '/user/login'} ) }}">Login</a>

<form action="{{ path( 'ez_legacy', {'module_uri': '/user/login'} ) }}" method="post">

<a href="{{ path( 'ez_legacy', {'module_uri': '/user/logout'} ) }}">Logout</a>

After:

<a href="{{ path( 'login' ) }}">Login</a>

<form action="{{ path( 'login_check' ) }}" method="post">

<a href="{{ path( 'logout' ) }}">Logout</a>