public function testEraseCredentialFlag()
{
$manager = new AuthenticationProviderManager(array($this->getAuthenticationProvider(true, $token = new UsernamePasswordToken('foo', 'bar', 'key'))));
$token = $manager->authenticate($this->getMock('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface'));
$this->assertEquals('', $token->getCredentials());
$manager = new AuthenticationProviderManager(array($this->getAuthenticationProvider(true, $token = new UsernamePasswordToken('foo', 'bar', 'key'))), false);
$token = $manager->authenticate($this->getMock('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface'));
$this->assertEquals('bar', $token->getCredentials());
}
/**
* Authenticate with SimpleSAMLphp.
*
* @return null|\Symfony\Component\Security\Core\Authentication\Token\TokenInterface
*/
public function authenticate()
{
$config = sspmod_janus_DiContainer::getInstance()->getConfig();
// The User Provider, to look up users and their secrets.
$userProvider = new UserService($this->getEntityManager(), $config);
// In case of the REST API v1 or the Installer we are pre authenticated.
if (self::$preAuth) {
$token = new PreAuthenticatedToken(static::$preAuth['user'], '', static::$preAuth['provider']);
$provider = new PreAuthenticatedAuthenticationProvider($userProvider, new \Symfony\Component\Security\Core\User\UserChecker(), static::$preAuth['provider']);
// Otherwise use SSP as our Authentication Provider.
} else {
$token = new SspToken();
$provider = new SspProvider($userProvider, $config);
}
// And a custom authentication manager with a single provider.
$authenticationManager = new AuthenticationProviderManager(array($provider));
// And we use that provider to authenticate, which calls triggers SSP to authenticate and
// puts it's information in our custom token.
return $authenticationManager->authenticate($token);
}
backend:
provider: app_users
pattern: ^/admin
logout:
path: logout
target: login
form_login_ldap:
service: app.ldap
dn_string: CN={username},OU=Users,DC=example,DC=com
check_path: login_check
login_path: login
*/
$config = ['host' => 'localhost', 'port' => 389];
$baseDn = 'dc=openldap,dc=com';
$adapter = new Adapter($config);
$adapter->getConnection()->setOption('PROTOCOL_VERSION', 3);
$ldap = new Ldap($adapter);
// To use full DN string as a login, replace filter parameter.
// Use `cn` as uidKey, default is Active Directory specific.
$userProvider = new LdapUserProvider($ldap, $baseDn, 'cn=admin,ou=admins,' . $baseDn, 'admin', [], 'cn');
// If anonymous search is enabled.
//$userProvider = new LdapUserProvider($ldap, $baseDn, null, null, [], 'cn');
// Without the search DN string provider cannot perform search.
//$userProvider = new LdapUserProvider($ldap, 'dc=openldap,dc=com', null, null, [], 'cn');
$authProvider = new LdapBindAuthenticationProvider($userProvider, new UserChecker(), 'ldap', $ldap, 'cn={username},ou=People,' . $baseDn, false);
$authManager = new AuthenticationProviderManager([$authProvider]);
// To use DN as login the provider should be tuned.
$unAuthToken = new UsernamePasswordToken('user1', 'user1', 'ldap');
$token = $authManager->authenticate($unAuthToken);
$result = $token->isAuthenticated();
var_dump('Good!', $result);
/**
* {@inheritdoc}
*/
public function authenticate(TokenInterface $token)
{
$provider = new DaoAuthenticationProvider($this->userProvider, $this->userChecker, $this->firewall, $this->encoderFactory);
$authenticationProviderManager = new AuthenticationProviderManager([$provider]);
$authenticatedToken = $authenticationProviderManager->authenticate($token);
$this->tokenStorage->setToken($authenticatedToken);
//now the user is logged in
$this->session->set("_{$this->firewall}", serialize($authenticatedToken));
//now dispatch the login event
$event = new InteractiveLoginEvent($this->request, $authenticatedToken);
$this->eventDispatcher->dispatch('security.interactive_login', $event);
return $authenticatedToken;
}
