Need help getting BeSimpleSsoAuthBundle to work with FOSUserBundle

Time: 2013-08-28 16:50:26

Tags: php symfony fosuserbundle cas

I have successfully implemented FOSUserBundle as described on the github site. However, I also need my site to use BeSimpleSsoAuthBundle.

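The use case is that users can register on the site, but if they have SSO they can still log in (and unwittingly have a user created locally). I have also installed the BeSimpleSsoAuthBundle bundle as described on the github site.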

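What I want to do is show the user a login form, take those credentials and run them against the local database, and if they do not match, then check the SSO server. If the SSO server does not have the credentials, I then create the user locally.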

My security.yml:

security:
    encoders:
        FOS\UserBundle\Model\UserInterface: sha512

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:

        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false


        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout:       true
            anonymous:    true
            #anonymous: ~
            #http_basic:
            #    realm: "Secured Demo Area"


        my_firewall:
            pattern: ^/admin/.*$
            trusted_sso:
                manager: admin_sso
                login_action: BeSimpleSsoAuthBundle:TrustedSso:login
                logout_action: BeSimpleSsoAuthBundle:TrustedSso:logout
                create_users: true
                created_users_roles: [ROLE_USER, ROLE_ADMIN]    



    access_control:
        - { path: ^/demo/secured/hello/admin/, roles: ROLE_ADMIN }
        #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }

        - { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/admin/, role: ROLE_ADMIN }

My config.yml:

imports:
    - { resource: parameters.yml }
    - { resource: security.yml }

framework:
    #esi:             ~
    translator:      { fallback: %locale% }
    secret:          %secret%
    router:
        resource: "%kernel.root_dir%/config/routing.yml"
        strict_requirements: ~
    form:            ~
    csrf_protection: ~
    validation:      { enable_annotations: true }
    templating:
        engines: ['twig']
        #assets_version: SomeVersionScheme
    default_locale:  "%locale%"
    trusted_proxies: ~
    session:         ~
    fragments:       ~
    trusted_hosts:   ~

# Twig Configuration
twig:
    debug:            %kernel.debug%
    strict_variables: %kernel.debug%

# Assetic Configuration
assetic:
    debug:          %kernel.debug%
    use_controller: false
    bundles:        [ MainReferralCaptureBundle ]
    #java: /usr/bin/java
    filters:
        cssrewrite: ~
        #closure:
        #    jar: %kernel.root_dir%/Resources/java/compiler.jar
        #yui_css:
        #    jar: %kernel.root_dir%/Resources/java/yuicompressor-2.4.7.jar

# Doctrine Configuration
doctrine:
    dbal:
        driver:   %database_driver%
        host:     %database_host%
        port:     %database_port%
        dbname:   %database_name%
        user:     %database_user%
        password: %database_password%
        charset:  UTF8
        # if using pdo_sqlite as your database driver, add the path in parameters.yml
        # e.g. database_path: %kernel.root_dir%/data/data.db3
        # path:     %database_path%

    orm:
        auto_generate_proxy_classes: %kernel.debug%
        auto_mapping: true

# Swiftmailer Configuration
swiftmailer:
    transport: %mailer_transport%
    host:      %mailer_host%
    username:  %mailer_user%
    password:  %mailer_password%
    spool:     { type: memory }


fos_user:
    db_driver: orm # other valid values are 'mongodb', 'couchdb' and 'propel'
    firewall_name: main
    user_class: Main\ReferralCaptureBundle\Entity\User


#be_simple_sso_auth: ~


be_simple_sso_auth:
    admin_sso:
        protocol:
            id: cas
            version: 2
        server:
            id: cas
            login_url: http://cas.server.tld/login
            logout_url: http://cas.server.tld/logout
            validation_url: http://cas.server.tld/serviceValidate

Can someone help me do what I am trying to do?

Many thanks in advance

0 answers:

No answers
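
Added example, not part of the original post: Symfony hands each request to the first firewall whose pattern matches, so in the security.yml above `main` (`^/`) also captures `/admin/...` and `my_firewall` is never used. The fragment below lists the CAS firewall first and, as an assumption about the CAS server, switches its URLs to https so that credentials and service tickets do not cross the network in cleartext.

```yaml
# security.yml (firewalls section only, reordered)
security:
    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        # Most specific pattern first: /admin/... is handled by the CAS firewall.
        my_firewall:
            pattern: ^/admin/.*$
            trusted_sso:
                manager: admin_sso
                login_action: BeSimpleSsoAuthBundle:TrustedSso:login
                logout_action: BeSimpleSsoAuthBundle:TrustedSso:logout
                create_users: true
                # Every account auto-created after a CAS login receives these
                # roles. Keep ROLE_ADMIN here only if every CAS user really is
                # an administrator of this application.
                created_users_roles: [ROLE_USER, ROLE_ADMIN]

        # Catch-all last: everything else uses the FOSUserBundle login form.
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_provider: form.csrf_provider
            logout:       true
            anonymous:    true

# config.yml (CAS manager; https is assumed to be available on cas.server.tld)
be_simple_sso_auth:
    admin_sso:
        protocol:
            id: cas
            version: 2
        server:
            id: cas
            login_url: https://cas.server.tld/login
            logout_url: https://cas.server.tld/logout
            # Ticket validation result decides who is logged in, so it must
            # not be readable or modifiable in transit.
            validation_url: https://cas.server.tld/serviceValidate
```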