This is a rather complex discussion, as people need to understand how
things work for the discussion to be relevant. I recommend reading the
Symfony2 documentation and probably also the Spring Security documentation.
Just for the record, the Symfony Security Component is based on Spring
Security, which supports SSO, CAS, and much more out of the box. So, the
same should be easy/trivial/possible in Symfony too. My point of view is
probably that we have all we need.
The only things I changed are some names (user <-> principal), the
integration (listeners in Symfony, filters in J2EE) and I also
simplified some parts (because PHP objects are expensive), but not the
interfaces or the low-level architecture.
Fabien
--
Fabien Potencier
Sensio CEO - symfony lead developer
sensiolabs.com | symfony-project.org | fabien.potencier.org
Tél: +33 1 40 99 80 80
On 11/22/10 8:28 PM, Jeremy Mikola wrote:
I wanted to propose a rather quick topic: revisiting the discussion over
the default interfaces in the Security component, particularly regarding
the assumption that users have username/password fields. I was speaking
to Johannes and digitarald (not sure what his real name is) over this
sometime after last week's IRC meeting. Transcript:
https://gist.github.com/710445
The summary was that the existing interfaces in the Security component
seem to assume a specific authentication mechanism, and are not
well-suited for integration with SSO and shared auth methods (CAS,
Facebook, OAuth, etc.). This is relevant to the mailing list discussion
some weeks ago, which a number of folks participated in:
Symfony2: some random thoughts about the new security layer
http://groups.google.com/group/symfony-devs/browse_thread/thread/cfba48ca5c4f756b/6fad459c4d6ec172
Before discussing this Thursday, I hope to gain a deeper understanding
of how the Security component utilizes UsernamePasswordToken and
PreAuthenticatedToken, as the latter seems like it would be appropriate
for SSO. From what I understand presently, the basic AccountInterface,
which everything seems to depend upon, mandates the username/password
requirement. Perhaps the most basic account should only require a
getId() method, and an interface atop that can introduce the
username/password requirement. UsernamePasswordToken would then depend
on that higher interface, while something like PreAuthenticatedToken can
work with the most basic account interface.
I'm not looking for an immediate "how to do SSO with security component"
solution. Rather, I'd just like to consider how we can make that
possible without requiring developers to implement unnecessary code.
Thanks,
--
jeremy mikola
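The interface split sketched in the message above, written out as an added example; this is not code from the thread or from the Symfony Security component. The names BasicAccountInterface, CredentialAccountInterface, ExternalAccount and LocalAccount are assumptions chosen for illustration, and the two token classes are simplified stand-ins, not the component's real UsernamePasswordToken and PreAuthenticatedToken. It assumes PHP 7 or later (for password_hash, password_verify and TypeError).

```php
<?php
// Constructed illustration of a layered account contract (hypothetical names,
// not Symfony's actual API).

// Smallest contract every authenticated principal must satisfy: an identity
// and a set of roles. No credential material is required here.
interface BasicAccountInterface
{
    public function getId();
    public function getRoles();
}

// Narrower contract for principals checked against a local credential store.
// Only password-based authentication needs these methods.
interface CredentialAccountInterface extends BasicAccountInterface
{
    public function getUsername();
    public function getPassword();      // stored password hash
    public function eraseCredentials(); // drop the hash once it is no longer needed
}

// Principal asserted by a trusted external system (SSO, CAS, OAuth, ...).
// It has an identity but no local password, so it implements only the base contract.
class ExternalAccount implements BasicAccountInterface
{
    private $id;
    private $roles;

    public function __construct($id, array $roles)
    {
        $this->id = $id;
        $this->roles = $roles;
    }

    public function getId() { return $this->id; }
    public function getRoles() { return $this->roles; }
}

// Principal stored locally with a password hash.
class LocalAccount implements CredentialAccountInterface
{
    private $id;
    private $username;
    private $passwordHash;
    private $roles;

    public function __construct($id, $username, $passwordHash, array $roles)
    {
        $this->id = $id;
        $this->username = $username;
        $this->passwordHash = $passwordHash;
        $this->roles = $roles;
    }

    public function getId() { return $this->id; }
    public function getRoles() { return $this->roles; }
    public function getUsername() { return $this->username; }
    public function getPassword() { return $this->passwordHash; }
    public function eraseCredentials() { $this->passwordHash = null; }
}

// Token for password authentication: the type hint demands the richer interface,
// so an account without a password cannot be passed in by mistake.
class UsernamePasswordToken
{
    private $account;
    private $presentedPassword;

    public function __construct(CredentialAccountInterface $account, $presentedPassword)
    {
        $this->account = $account;
        $this->presentedPassword = $presentedPassword;
    }

    // Verify the presented password, then erase both the hash and the plaintext
    // so neither lingers in the session for the rest of the request.
    public function authenticate()
    {
        $ok = password_verify($this->presentedPassword, $this->account->getPassword());
        $this->presentedPassword = null;
        $this->account->eraseCredentials();
        return $ok;
    }
}

// Token for a principal already authenticated elsewhere: only the base
// contract is needed, plus a record of which provider vouched for it.
class PreAuthenticatedToken
{
    private $account;
    private $providerKey;

    public function __construct(BasicAccountInterface $account, $providerKey)
    {
        $this->account = $account;
        $this->providerKey = $providerKey;
    }

    public function getAccount() { return $this->account; }
    public function getProviderKey() { return $this->providerKey; }
}

// Usage (constructed sample data).
$sso = new ExternalAccount('cas:alice', array('ROLE_USER'));
$preAuth = new PreAuthenticatedToken($sso, 'cas');
echo $preAuth->getAccount()->getId(), " via ", $preAuth->getProviderKey(), "\n";

$local = new LocalAccount(42, 'bob', password_hash('s3cret', PASSWORD_DEFAULT), array('ROLE_USER'));
$token = new UsernamePasswordToken($local, 's3cret');
echo $token->authenticate() ? "local login ok\n" : "local login failed\n";

// The base-only account is rejected at the type level for password auth.
try {
    new UsernamePasswordToken($sso, 'irrelevant');
} catch (TypeError $e) {
    echo "external account cannot be used with UsernamePasswordToken\n";
}
```

The point of the layering is that the pre-authenticated path never touches getPassword() at all, so an SSO or OAuth integration has nothing to stub out, while the password path is still forced by the type system to work only with accounts that actually carry a credential.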
--
If you want to report a vulnerability issue on symfony, please send it
to security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en