CAS认证的Symfony2 [英] CAS Authentication Symfony2

问题描述

我正在寻找一个包到CAS认证的Symfony的2.3集成。我发现这些选项，事实是，我不相信任何，因为几乎所有的包似乎没有更新被放弃。

I'm looking for a bundle to integrate CAS authentication on Symfony 2.3. I found these options and the truth is I'm not convinced any, since almost all bundles seem to be abandoned without updating.

1：sensiolabs / CasBundle： https://github.com/sensiolabs/CasBundle
该文档是稀疏的和不完整的。我还没有找到如何使用它的例子。

1.- sensiolabs / CasBundle: https://github.com/sensiolabs/CasBundle The documentation is sparse and incomplete. I have not found any examples of how to use it.

2：BeSimple / BeSimpleSsoAuthBundle：<一href=\"https://github.com/BeSimple/BeSimpleSsoAuthBundle\">https://github.com/BeSimple/BeSimpleSsoAuthBundle
有了这个我测试，我有一些问题。我觉得我对解决4日的问题，我得到的背后另有

2.- BeSimple / BeSimpleSsoAuthBundle: https://github.com/BeSimple/BeSimpleSsoAuthBundle With this I'm testing and I am having some problems. I think I'm on the 4th problem solved and I get behind another.

3 .- Symfony的CAS客户端：<一href=\"https://wiki.jasig.org/display/CASC/Symfony+CAS+Client\">https://wiki.jasig.org/display/CASC/Symfony+CAS+Client
完全过时

3.- Symfony CAS Client: https://wiki.jasig.org/display/CASC/Symfony+CAS+Client Totally outdated

真的，有这么几个选项的symfony与CAS认证？

Really, there are so few options to authenticate with CAS in symfony?

推荐答案

我有同样的问题之前，我用它解决BeSimpleSsoAuthBundle但你必须做一些修改：
假定你有你的用户实体已经被你UserBundle实施，具有独特的属性，SGID你必须覆盖：
1- BeSimple \\ SsoAuthBundle \\安全\\核心\\用户：

I have the same issue before and i resolved it using BeSimpleSsoAuthBundle but you have to make a few changes : Supposed that you have your user entity has been already implemented in your UserBundle, with a unique attribute sgid you have to override : 1- BeSimple\SsoAuthBundle\Security\Core\User :

<?php

namespace Application\UserBundle\Security\BeSimple\SpawnedUserProvider;

use BeSimple\SsoAuthBundle\Security\Core\User\SpawnedUserProvider;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\User;
use Symfony\Component\HttpFoundation\RedirectResponse;


class SsoUserProvider extends SpawnedUserProvider
{
/**
 * @var array
 */
private $roles;

/**
 * Constructor.
 *
 * @param array $roles An array of roles
 */
private $entityManager;
private $securityContext;

public function __construct($em, $securityContext) {
    $this->em = $em; 
    $this->securityContext = $securityContext; 
}

/**
 * {@inheritdoc}
 */
public function loadUserByUsername($username)
{
    $session = $this->securityContext;

    $qb = $this->em->createQueryBuilder();
    $qb->select("u")
        ->from('ApplicationUserBundle:User', 'u')
        ->where('u.sgid = :sgid')
        ->AndWhere('u.status = 1')
        ->setParameter("sgid", $username);

   $result = $qb->getQuery()->getOneOrNullResult();

    if ($result == NULL) {
        $session->getFlashBag()->add('error', 'Vous ne pouvez pas vous connecter car votre compte est désactivé');
        return new RedirectResponse('login');
    }

   $user_name = $result->getFirstName().' '.$result->getLastName();
    $session->set('userId', $result->getId());
   if ($result->getUserType() == 1) {
       $this->roles = array('ROLE_ADMIN');
   }else if ($result->getUserType() == 0){
       $this->roles = array('ROLE_USER');
   }else{
        $session->getFlashBag()->add('error', 'Vous ne pouvez pas vous connecter car votre compte n\'a pas de rôle');
        return new RedirectResponse('logout');
   }
    return $this->spawnUser($user_name);
}

/**
 * {@inheritDoc}
 */
public function refreshUser(UserInterface $user)
{
    if (!$user instanceof User) {
        throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user)));
    }

    return $this->spawnUser($user->getUsername());
}

/**
 * {@inheritDoc}
 */
public function supportsClass($class)
{
    return $class === 'Symfony\Component\Security\Core\User\User';
}

/**
 * Spawns a new user with given username.
 *
 * @param string $username
 *
 * @return \Symfony\Component\Security\Core\User\User
 */
private function spawnUser($username)
{
    //$this->roles = $this->userType;
    return new User($username, null, (array)$this->roles, true, true, true, true);
  }
}

2 - 覆盖也BeSimple \\ SsoAuthBundle \\安全\\核心\\认证\\提供商：

2- Override also BeSimple\SsoAuthBundle\Security\Core\Authentication\Provider :

<?php

namespace Application\UserBundle\Security\BeSimple\Authentication\Provider;

use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
use Symfony\Component\Security\Core\Exception\BadCredentialsException;
use BeSimple\SsoAuthBundle\Security\Core\User\UserFactoryInterface;

/*
 * @Override 
 */
use    BeSimple\SsoAuthBundle\Security\Core\Authentication\Provider\SsoAuthenticationPr ovider;

class AppAuthenticationProvider extends SsoAuthenticationProvider
{
/**
 * @var UserProviderInterface
 */
private $userProvider;

/**
 * @var bool
 */
private $createUsers;

/**
 * @var bool
 */
private $hideUserNotFound;

/**
 * @Override file
 * @throws \Symfony\Component\Security\Core\Exception\UsernameNotFoundException
 * @throws \Symfony\Component\Security\Core\Exception\BadCredentialsException
 *
 * @param string $username
 * @param array $attributes
 *
 * @return UserInterface
 */
protected function provideUser($username, array $attributes = array())
{
    try {
        $user = $this->retrieveUser($username);
    } catch (UsernameNotFoundException $notFound) {
        if ($this->createUsers && $this->userProvider instanceof UserFactoryInterface) {
            $user = $this->createUser($username, $attributes);
        } elseif ($this->hideUserNotFound) {
            throw new BadCredentialsException('Bad credentials', 0, $notFound);
        } else {
            throw $notFound;
        }
    }

    return $user;
  }

}

3。当用户登录到应用程序保存在会话所需的信息：

3- When user login to your application save needed information in session :

<?php

namespace Application\UserBundle\Security\Authentication\Handler;

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\Routing\Router;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\SecurityContext;
use Symfony\Component\Security\Http\Authentication\AuthenticationSuccessHandlerInterface;
use Doctrine\ORM\EntityManager;

class LoginSuccessHandler implements AuthenticationSuccessHandlerInterface
{
protected 
    $router,
    $security,
    $entityManager;

public function __construct(Router $router, SecurityContext $security, EntityManager $entityManager)
{
    $this->router = $router;
    $this->security = $security;
    $this->entityManager = $entityManager;
}

public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
    $session = $request->getSession();

    $attributes = $this->security->getToken()->getAttributes();
    $sgid = $attributes['sso:validation']['sgid'];

    $em = $this->entityManager;
    $qb = $em->createQueryBuilder();
    $qb->select("u")
        ->from('ApplicationUserBundle:User', 'u')
        ->where('u.sgid = :sgid')
        ->AndWhere('u.status = 1')
        ->setParameter("sgid", $sgid);

    $result = $qb->getQuery()->getOneOrNullResult();

    //en cas où utilisateur est désactivée
    //Malgre que si il arrive a cette handler ça veut dire qu'il activé car le test se fait sur le bundle BeSimple
    if ($result == NULL) {
        return new RedirectResponse($this->router->generate('login'));
    }

    $session->set('userId', $result->getId());

    $response = new RedirectResponse('admin');

    return $response;
  }
}

4-现在，在应用程序定义安全听者/ UserBundle / Ressources /配置/ security_listeners.yml：

4- Now define a security listner in Application/UserBundle/Ressources/config/security_listeners.yml :

parameters:
    security.authentication.provider.sso.class: Application\UserBundle\Security\BeSimple\Authentication\Provider\AppAuthenticationProvider

services:
    security.authentication.provider.sso:
        class: %security.authentication.provider.sso.class%
        public: false
        arguments: ['', '@security.user_checker', '', '', false]

5- BeSimple的配置应该是这样的：

5- The BeSimple configuration should be like that :

be_simple_sso_auth:
admin_sso:
    protocol:
        id: cas
        version: 2
    server:
        id: cas
        login_url: https://adresse ip:8443/cas-server-webapp-4.0.0/login
        logout_url: https://adresse ip:8443/cas-server-webapp-4.0.0/logout
        validation_url: https://adresse ip:8443/cas-server-webapp-4.0.0/serviceValidate
services:

    spawned_user_provider:
        class:     Application\UserBundle\Security\BeSimple\SpawnedUserProvider\SsoUserProvider
    arguments: [@doctrine.orm.entity_manager, @session]

6- parameters.yml

6- The parameters.yml

  be_simple.sso_auth.client.option.curlopt_ssl_verifypeer.value: false
  be_simple.sso_auth.client.option.curlopt_sslversion.value: 4 (Optionale)

7的security.yml

7- The security.yml

  main:
        pattern: ^/admin
        context: marketshare_context
        logout:
            path:   /admin/logout
            target: /
        #provider: sso
        trusted_sso:
            manager: admin_sso
            login_action: ApplicationUserBundle:TrustedSso:login
            logout_action: false
            login_path: /admin/login
            check_path: /admin/check
            always_use_default_target_path: true
            default_target_path: /admin/potentiel
            failure_path: /admin/logout

这篇关于CAS认证的Symfony2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！