[#34] Implement authentication failure listener
The primary purpose of implementing an authentication failure listener is to handle the case when a user is not available via a user provider, or if no user provider is specified at all. Without the listener, if the user does not exist in the provider's data store, or if there is no provider configured at all, then when a user successfully authenticates their browser will enter a redirection loop. With the listener, an error page is displayed that indicates that the user does not exist.
Showing
3 changed files
with
125 additions
and
75 deletions.
@@ -1,75 +1,75 @@ | ||
Authentication through SSO CAS Server with Symfony2 | ||
=================================================== | ||
|
||
- use the Bundle : BeSimpleSsoAuthBundle (instal with Composer) | ||
- be careful on dependences : Buzz needs a recent version of libcurl (7.19 ??) | ||
|
||
|
||
Configure SSO | ||
------------- | ||
|
||
In config.yml: | ||
|
||
be_simple_sso_auth: | ||
admin_sso: | ||
protocol: | ||
id: cas | ||
version: 2 | ||
server: | ||
id: cas | ||
login_url: https://cas.server.tld/login | ||
logout_url: https://cas.server.tld/logout | ||
validation_url: https://cas.server.tld/serviceValidate | ||
|
||
|
||
|
||
Create a firewall | ||
----------------- | ||
|
||
In security.yml: | ||
|
||
my_firewall: | ||
pattern: ^/ | ||
anonymous: ~ | ||
trusted_sso: | ||
manager: admin_sso | ||
|
||
login_action: false # BeSimpleSsoAuthBundle:TrustedSso:login | ||
logout_action: false # BeSimpleSsoAuthBundle:TrustedSso:logout | ||
create_users: true | ||
created_users_roles: [ROLE_USER ] | ||
check_path: / | ||
|
||
|
||
Create all routes (mandatory even if there is no controller) | ||
------------------------------------------------------------ | ||
|
||
In routing.yml : | ||
|
||
login: | ||
pattern: /login | ||
|
||
logout: | ||
pattern: /logout | ||
|
||
Providers | ||
--------- | ||
|
||
Example with Propel: | ||
|
||
providers: | ||
administrators: | ||
propel: | ||
class: Altern\CdtBundle\Model\User | ||
property: username | ||
The propel User Class must implement \Symfony\Component\Security\Core\User\UserInterface | ||
|
||
|
||
If necessary, you can disable SSL Certificat Verification | ||
--------------------------------------------------------- | ||
|
||
Add in parameters.ini : | ||
|
||
be_simple.sso_auth.client.option.curlopt_ssl_verifypeer.value: FALSE | ||
Authentication through SSO CAS Server with Symfony2 | ||
=================================================== | ||
|
||
- use the Bundle : BeSimpleSsoAuthBundle (install with Composer) | ||
- be careful on dependences : Buzz needs a recent version of libcurl (7.19 ??) | ||
|
||
|
||
Configure SSO | ||
------------- | ||
|
||
In config.yml: | ||
|
||
be_simple_sso_auth: | ||
admin_sso: | ||
protocol: | ||
id: cas | ||
version: 2 | ||
server: | ||
id: cas | ||
login_url: https://cas.server.tld/login | ||
logout_url: https://cas.server.tld/logout | ||
validation_url: https://cas.server.tld/serviceValidate | ||
|
||
|
||
|
||
Create a firewall | ||
----------------- | ||
|
||
In security.yml: | ||
|
||
my_firewall: | ||
pattern: ^/ | ||
anonymous: ~ | ||
trusted_sso: | ||
manager: admin_sso | ||
|
||
login_action: false # BeSimpleSsoAuthBundle:TrustedSso:login | ||
logout_action: false # BeSimpleSsoAuthBundle:TrustedSso:logout | ||
create_users: true | ||
created_users_roles: [ROLE_USER ] | ||
check_path: / | ||
|
||
|
||
Create all routes (mandatory even if there is no controller) | ||
------------------------------------------------------------ | ||
|
||
In routing.yml : | ||
|
||
login: | ||
pattern: /login | ||
|
||
logout: | ||
pattern: /logout | ||
|
||
Providers | ||
--------- | ||
|
||
Example with Propel: | ||
|
||
providers: | ||
administrators: | ||
propel: | ||
class: Altern\CdtBundle\Model\User | ||
property: username | ||
The propel User Class must implement \Symfony\Component\Security\Core\User\UserInterface | ||
|
||
|
||
If necessary, you can disable SSL Certificate Verification | ||
--------------------------------------------------------- | ||
|
||
Add in parameters.ini : | ||
|
||
be_simple.sso_auth.client.option.curlopt_ssl_verifypeer.value: FALSE |
44 changes: 44 additions & 0 deletions
44
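--- /dev/null
+++ b/Security/Http/Authentication/SsoAuthenticationFailureHandler.php
@@ -0,0 +1,44 @@
+<?php
+
+namespace BeSimple\SsoAuthBundle\Security\Http\Authentication;
+
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Exception\AuthenticationException;
+use Symfony\Component\Security\Http\Authentication\AuthenticationFailureHandlerInterface;
+
+class SsoAuthenticationFailureHandler implements AuthenticationFailureHandlerInterface
+{
+    private $templating;
+
+    /**
+     * @param $templating Templating service for rendering responses.
+     */
+    public function __construct($templating) {
+        $this->templating = $templating;
+    }
+
+    /**
+     * This is called when an interactive authentication attempt fails.
+     *
+     * @param Request $request
+     * @param AuthenticationException $exception
+     *
+     * @return Response
+     */
+    public function onAuthenticationFailure(Request $request, AuthenticationException $exception)
+    {
+        if ($request->isXmlHttpRequest()) {
+            $result = array('success' => false);
+            return new Response(json_encode($result));
+        } else {
+            // Handle non XmlHttp request.
+            $parameters = array(
+                'status_text' => $exception->getMessage(),
+                'status_code' => $exception->getCode(),
+            );
+
+            return $this->templating->renderResponse('TwigBundle:Exception:error.html.twig', $parameters);
+        }
+    }
+}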
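Review bot: Both branches of onAuthenticationFailure answer an authentication failure with HTTP 200: the XmlHttp branch wraps the json_encode() output in a bare Response (default status, no Content-Type header), and the template branch only passes $exception->getCode() — an exception code, not an HTTP status — into the template while the rendered Response keeps its default status. Clients, proxies and monitoring therefore cannot tell the error page from a successful login by status, so set an explicit 4xx on both responses (403 fits the case described in the commit message, where the CAS-authenticated user has no local account) and declare the JSON content type. $exception->getMessage() may also carry internal detail from the provider lookup; if the Symfony version in use offers AuthenticationException::getMessageKey(), that is the safer value for status_text. The untyped constructor parameter would be clearer as `public function __construct(EngineInterface $templating)` with the matching use import for the FrameworkBundle templating engine, since renderResponse() is what the class relies on.
```php
        if ($request->isXmlHttpRequest()) {
            $response = new Response(json_encode(array('success' => false)), 403);
            $response->headers->set('Content-Type', 'application/json');

            return $response;
        } else {
            // … unchanged: $parameters construction …
            $response = $this->templating->renderResponse('TwigBundle:Exception:error.html.twig', $parameters);
            $response->setStatusCode(403);

            return $response;
        }
```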