besimplessoauthbundle's People

Contributors

acidjames, babaganoush, christianvermeulen, chturpin, clement-garrigou, dziamid, ethanhann, gillest, ip512, jfsimon, khr, kimhemsoe, magnusnordlander, pborreli, sgomez, stof, thlbaut, xmontagut

besimplessoauthbundle's Issues

Configuration option "login_path" is not used

According to the documentation:

login_path: path to redirect to when login needed.

It seems that it is actually not used by the bundle...
At least, setting it doesn't produce any effect.

Here is a sample of my app/config/security.yml (in case I just didn't get it):

security:
    #...
    firewalls:
        #...
        secured_area:
            switch_user: true
            anonymous: ~
            pattern:    ^/
            form_login:
                login_path: extranet_login
                check_path: extranet_security_check
            logout:
                path:   extranet_logout
                target: extranet_login
            http_basic:
                realm: "Espace Prive"
            trusted_sso:
                manager: my_cas
                login_path: /login
                check_path: /login_check
                login_action: ExtranetBundle:Default:login
                logout_action: ExtranetBundle:Default:logout
                create_users: false
                created_users_roles: [ROLE_USER]

Can someone enlighten me on this, please?

Logout not working

Hello,
I have a new problem. I can't logout. If I try on my app.php, it redirects me to ..../app.php/login_check and says :
Oops! An Error Occurred
The server returned a "404 Not Found".
Something is broken. Please e-mail us at [email] and let us know what you were doing when this error occurred. We will fix it as soon as possible. Sorry for any inconvenience caused.
If I try on my app_dev.php, it redirects me to ..../app_dev.php/login_check and says :
Unable to find the controller for path "/login_check". Maybe you forgot to add the matching route in your routing configuration?
I don't understand, my login check is working because I can connect to my app and see my website.

Error: Call to a member function validateCredentials() on a non-object in /var/www/udaweblabs/vendor/besimple/sso-auth-bundle/BeSimple/SsoAuthBundle/Security/Core/Authentication/Provider/SsoAuthenticationProvider.php line 78

Hi, and excuse my English,

I'm trying to manage Roles through a ternary relationship.
In my example I have 3 entities: User, Role, and Lab.
I would like a user's roles to depend on the lab they are in (we manage this by environment), so I created a Profile entity with keys User and Lab. To this I added a ManyToMany relationship for Roles.

My problem comes when I redefined the method loadUserByUsername:
Once connected, there is a difference in Roles between the Token and the Session.

What seems weird is that if I switch to my own account, I get the correct Roles ...
So I implemented EquatableInterface to compare the Token and the Session; there is a difference in Roles, so it does a refreshUser, and this is why I get the error in the title.

Here is the code, and thank you for your help.

User.php

roles = array();
    // }

    //==========================================================================
    // PROPERTIES
    //==========================================================================

    /**
     * @Orm\Column(type="integer")
     * @Orm\Id
     * @Orm\GeneratedValue(strategy="AUTO")
     */
    private $id;

    /**
     * @Orm\Column(type="string", length=255, unique=true)
     */
    private $login;

    /**
     * @Orm\Column(type="string", length=45, unique=true)
     */
    private $firstName;

    /**
     * @Orm\Column(type="string", length=45, unique=true)
     */
    private $lastName;

    private $roles;

    //==========================================================================
    // GETTERS / SETTERS
    //==========================================================================

    /**
     * Get id
     *
     * @return integer
     */
    public function getId()
    {
        return $this->id;
    }

    /**
     * Get login
     *
     * @return string
     */
    public function getLogin()
    {
        return $this->login;
    }

    /**
     * Set login
     *
     * @param string $login
     * @return User
     */
    public function setLogin($login)
    {
        $this->login = $login;
        return $this;
    }

    /**
     * Get firstName
     *
     * @return string
     */
    public function getFirstName()
    {
        return $this->firstName;
    }

    /**
     * Set firstName
     *
     * @param string $firstName
     * @return User
     */
    public function setFirstName($firstName)
    {
        $this->firstName = $firstName;
        return $this;
    }

    /**
     * Get lastName
     *
     * @return string
     */
    public function getLastName()
    {
        return $this->lastName;
    }

    /**
     * Set lastName
     *
     * @param string $lastName
     * @return User
     */
    public function setLastName($lastName)
    {
        $this->lastName = $lastName;
        return $this;
    }

    /**
     * Add roles
     *
     * @param \Uda\CoreBundle\Entity\Role $roles
     * @return User
     */
    public function addRole(\Uda\CoreBundle\Entity\Role $roles)
    {
        $this->roles[] = $roles;
        return $this;
    }

    /**
     * Remove roles
     *
     * @param \Uda\CoreBundle\Entity\Role $roles
     */
    public function removeRole(\Uda\CoreBundle\Entity\Role $roles)
    {
        $this->roles->removeElement($roles);
    }

    /**
     * Get roles
     *
     */
    public function getRoles()
    {
        return is_array($this->roles) ? $this->roles : array('ROLE_USER');
    }

    /**
     * Set roles
     *
     * @param string $roles
     */
    public function setRoles($roles)
    {
        $this->roles = array();
        if (is_array($roles)) $this->roles = $roles;
        return $this;
    }

    //==========================================================================
    // IMPLEMENTS
    //==========================================================================

    public function getUsername()
    {
        // the only link Symfony has to retrieve the user identifier
        return $this->login;
    }

    public function getSalt() { }

    public function getPassword() { }

    public function eraseCredentials() { return true; }

    public function isAccountNonExpired() { return true; }

    public function isAccountNonLocked() { return true; }

    public function isCredentialsNonExpired() { return true; }

    public function isEnabled() { return true; }

    public function serialize()
    {
        return \serialize( array($this->id, $this->login) );
    }

    public function unserialize($serialized)
    {
        list($this->id, $this->login) = \unserialize( $serialized );
    }

    public function isEqualTo(UserInterface $user)
    {
        if ($user instanceof User) {
            $isEqual = count($this->getRoles()) == count($user->getRoles());
            if ($isEqual) {
                foreach($this->getRoles() as $role) {
                    $isEqual = $isEqual && in_array($role, $user->getRoles());
                }
            }
            return $isEqual;
        }

        return false;
    }

    //==========================================================================
    // METHODS
    //==========================================================================
}

UserRepository.php

getEntityManager()
            ->createQueryBuilder()
            ->select('p')
            ->from('UdaCoreBundle:Profile', 'p')
            ->innerJoin('p.user', 'u')
            ->innerJoin('p.lab', 'l')
            ->where('u.login = :login')
            ->andWhere('l.id = :lab_id')
            ->setParameter('login', $login)
            ->setParameter('lab_id', '1')
            ->getQuery();

        try {
            // The Query::getSingleResult() method throws an exception
            // if there is no record matching the criteria.
            $profile = $q->getSingleResult();
            $user = $profile->getUser();
            $roles = array();
            foreach ( $profile->getRoles() as $role ) {
                $roles[] = $role->getRole();
            }
            $user->setRoles($roles);
        } catch (NoResultException $e) {
            throw new UsernameNotFoundException(sprintf('Unable to find an active admin UdaCoreBundle:User object identified by "%s".', $login), null, 0, $e);
        }

        return $user;
    }

    public function refreshUser(UserInterface $user)
    {
        return $this->loadUserByUsername($user->getUsername());
    }

    public function supportsClass($class)
    {
        return true;
    }
}

Role.php

profiles = new ArrayCollection();
    }

    //==========================================================================
    // PROPERTIES
    //==========================================================================

    /**
     * @var integer $id
     *
     * @Orm\Column(type="integer")
     * @Orm\Id
     * @Orm\GeneratedValue(strategy="AUTO")
     */
    private $id;

    /**
     * @var string $role
     *
     * @Orm\Column(name="role", type="string", length=20, unique=true)
     */
    private $role;

    /**
     * @var string $label
     *
     * @Orm\Column(name="label", type="string", length=45)
     */
    private $label;

    /**
     * Profiles
     *
     * @var ArrayCollection
     *
     * @Orm\ManyToMany(targetEntity="Profile", mappedBy="roles")
     */
    private $profiles;

    //==========================================================================
    // GETTERS / SETTERS
    //==========================================================================

    /**
     * Get id
     *
     * @return integer
     */
    public function getId()
    {
        return $this->id;
    }

    /**
     * Get role // IMPLEMENTS
     *
     * @return string
     */
    public function getRole()
    {
        return $this->role;
    }

    /**
     * Set role
     *
     * @param string $role
     * @return Role
     */
    public function setRole($role)
    {
        $this->role = $role;
        return $this;
    }

    /**
     * Get label
     *
     * @return string
     */
    public function getLabel()
    {
        return $this->label;
    }

    /**
     * Set label
     *
     * @param string $label
     */
    public function setLabel($label)
    {
        $this->label = $label;
    }

    /**
     * Get profiles
     *
     * @return \Doctrine\Common\Collections\Collection
     */
    public function getProfiles()
    {
        return $this->profiles;
    }

    /**
     * Add profiles
     *
     * @param \Uda\CoreBundle\Entity\Profile $profiles
     * @return Role
     */
    public function addProfile(\Uda\CoreBundle\Entity\Profile $profiles)
    {
        $this->profiles[] = $profiles;
        return $this;
    }

    /**
     * Remove profiles
     *
     * @param \Uda\CoreBundle\Entity\Profile $profiles
     */
    public function removeProfile(\Uda\CoreBundle\Entity\Profile $profiles)
    {
        $this->profiles->removeElement($profiles);
    }

    //==========================================================================
    // IMPLEMENTS
    //==========================================================================

    public function __toString()
    {
        return $this->getName();
    }

    //==========================================================================
    // METHODS
    //==========================================================================
}

Lab.php

id;
    }

    /**
     * Get graalId
     *
     * @return integer
     */
    public function getGraalId()
    {
        return $this->graalId;
    }

    /**
     * Set graalId
     *
     * @param string $graalId
     */
    public function setGraalId($graalId)
    {
        $this->graalId = $graalId;
    }

    /**
     * Get code
     *
     * @return string
     */
    public function getCode()
    {
        return $this->code;
    }

    /**
     * Set code
     *
     * @param string $code
     */
    public function setCode($code)
    {
        $this->code = $code;
    }

    /**
     * Get label
     *
     * @return string
     */
    public function getLabel()
    {
        return $this->label;
    }

    /**
     * Set label
     *
     * @param string $label
     */
    public function setLabel($label)
    {
        $this->label = $label;
    }

    //==========================================================================
    // METHODS
    //==========================================================================

    /**
     * Add users
     *
     * @param \Uda\CoreBundle\Entity\User $users
     * @return Role
     */
    public function addUser(\Uda\CoreBundle\Entity\User $users)
    {
        $this->users[] = $users;
        return $this;
    }

    /**
     * Remove users
     *
     * @param \Uda\CoreBundle\Entity\User $users
     */
    public function removeUser(\Uda\CoreBundle\Entity\User $users)
    {
        $this->users->removeElement($users);
    }

    /**
     * Get users
     *
     * @return \Doctrine\Common\Collections\Collection
     */
    public function getUsers()
    {
        return $this->users;
    }
}

Multiple provider

Hello

There is a bug with multiple providers in security.yml

ex :
1 provider for frontend
1 provider for backend
1 firewall for frontend
1 firewall for backend

The ticket validation is always executed with the first declaration in security.yml.

Bug in SsoAuthenticationProvider.php?

Sorry, but I'm not sure of this. I guess that this line in BeSimple\SsoAuthBundle\Security\Core\Authentication\Provider\SsoAuthenticationProvider.php is wrong:

71:         $token->setAttributes($token->getAttributes());

should be:

71:         $token->setAttributes($validation->getAttributes());

The problem is that I'm trying to get the attributes from CAS and I don't know how. Reading the code to learn how to do it, I found this line. It caught my attention because you're setting from the same variable you're getting from.

Multiple dynamic firewalls and CAS servers in Symfony2

I am developing an application in Symfony to manage multiple schools. The application has multiple databases, one for each school, and multiple CAS servers.

If I only manage a school, the configuration would be like this:

# config.yml
be_simple_sso_auth:
    admin_sso:
        protocol:
            id: cas
            version: 2
        server:
            id: cas
            login_url: https://cas01.XXX.com/SCHOOLID/login
            logout_url: https://cas01.XXX.com/SCHOOL_ID/logout
            validation_url: https://cas01.XXX.com/SCHOOL_ID/serviceValidate
# security.yml
firewalls:
    school:
        pattern: ^/school/.*$
        trusted_sso:
            manager: admin_sso
            login_action: false 
            logout_action: false 
            create_users: true
            created_users_roles: [ROLE_USER, ROLE_ADMIN]
            login_path: /school/login
            check_path: /school/login_check
        logout:
            path:   /school/logout
            target: /school

With one school everything works fine.

Each school accesses the application through the path app.com/school/ID, for example app.com/school/29, app.com/school/54...

I wonder if there is a way to have multiple dynamic firewalls depending on the ID, and to use this ID to redirect to each CAS URL:

https://cas01.XXX.com/school_29/login, https://cas01.XXX.com/school_54/login ...

I created a new file: app/config/cas.php, and I've added some CAS servers settings

# CAS 14
$container->loadFromExtension('be_simple_sso_auth', array(
    'cas_14' => array(
        'protocol' => array(
            'id' => 'cas',
            'version' => '2'
        ),
        'server' => array(
            'id' => 'cas',
            'login_url' => 'https://cas01.XXX.com/14/login',
            'logout_url' => 'https://cas01.XXX.com/14/logout',
            'validation_url' => 'https://cas01.XXX.com/14/serviceValidate',
        ),
    ),

));

# CAS 15
$container->loadFromExtension('be_simple_sso_auth', array(
    'cas_15' => array(
        'protocol' => array(
            'id' => 'cas',
            'version' => '2'
        ),
        'server' => array(
            'id' => 'cas',
            'login_url' => 'https://cas01.XXX.com/15/login',
            'logout_url' => 'https://cas01.XXX.com/15/logout',
            'validation_url' => 'https://cas01.XXX.com/15/serviceValidate',
        ),
    ),

));

And I import this file in config.yml:

imports:
    - { resource: parameters.yml }
    - { resource: cas.php }
    - { resource: security.yml }

And I add a new firewall for each school:

firewalls:
    backend_14:
        pattern: ^/backend/school/14/.*$
        trusted_sso:
            manager: cas_14
            login_action: false #BeSimpleSsoAuthBundle:TrustedSso:login
            logout_action: false #BeSimpleSsoAuthBundle:TrustedSso:logout
            create_users: true
            created_users_roles: [ROLE_USER, ROLE_ADMIN]
            login_path: /backend/school/14/login
            check_path: /backend/school/14/login_check
        logout:
            path:   /backend/school/logout
            target: /backend

    backend_15:
        pattern: ^/backend/school/15/.*$
        trusted_sso:
            manager: cas_15
            login_action: false #BeSimpleSsoAuthBundle:TrustedSso:login
            logout_action: false #BeSimpleSsoAuthBundle:TrustedSso:logout
            create_users: true
            created_users_roles: [ROLE_USER, ROLE_ADMIN]
            login_path: /backend/school/15/login
            check_path: /backend/school/15/login_check
        logout:
            path:   /backend/school/logout
            target: /backend

And all goes right!

Now I'm trying to generate the whole cas.php configuration dynamically from the School entity. First I tried creating a method in SchoolController:

public function loadCasConfig()
{
    $em = $this->getDoctrine()->getManager();

    $schools= $em->getRepository('SchoolBundle:School')
                  ->findBy(array(), array('name'=> 'ASC'));


    foreach ($schools as $school) {

        $cas_name = 'cas_'.$school->getId();

        $container->loadFromExtension('be_simple_sso_auth', array(
            "$cas_name" => array(
                'protocol' => array(
                    'id' => 'cas',
                    'version' => '2'
                ),
                'server' => array(
                    'id' => 'cas',
                    'login_url' => "https://cas01.XXX.com/{$school->getId()}/login",
                    'logout_url' => "https://cas01.XXX.com/{$school->getId()}/logout",
                    'validation_url' => "https://cas01.XXX.com/{$school->getId()}/serviceValidate",
                ),
            ),

        ));

    }
}

and call it in the cas.php file:

<?php   

use Comp\BackendBundle\Controller\SchoolController;

SchoolController::loadCasConfig();

but I get this exception:

FileLoaderLoadException: Cannot import resource     
"C:\wamp\www\comp\app/config\cas.php" from     
"C:\wamp\www\comp\app/config\config.yml". (Runtime Notice: Non-static method     
Comp\BackendBundle\Controller\SchoolController::loadCasConfig() should not be     
called statically, assuming $this from incompatible context in     C:\wamp\www\comp\app\config\cas.php line 5)

:(. Then I tried to insert the method code in the cas.php file:

use Doctrine\ORM\EntityManager;
use Comp\SchoolBundle\Entity\School;

$em = $this->getDoctrine()->getManager();

$schools= $em->getRepository('SchoolBundle:School')
              ->findBy(array(), array('name'=> 'ASC'));


foreach ($schools as $school) {

    $cas_name = 'cas_'.$school->getId();

    $container->loadFromExtension('be_simple_sso_auth', array(
        "$cas_name" => array(
            'protocol' => array(
                'id' => 'cas',
                'version' => '2'
            ),
            'server' => array(
                'id' => 'cas',
                'login_url' => "https://cas01.XXX.com/{$school->getId()}/login",
                'logout_url' => "https://cas01.XXX.com/{$school->getId()}/logout",
                'validation_url' => "https://cas01.XXX.com/{$school->getId()}/serviceValidate",
            ),
        ),

    ));

}

and now I get:

FatalErrorException: Error: Call to undefined method 
Symfony\Component\DependencyInjection\Loader\PhpFileLoader::getDoctrine() in 
C:\wamp\www\comp\app\config\cas.php line 11

I'd like to know how I can dynamically generate the file cas.php, getting data from the database.

Working bundle?

Hi,

I've been working for 2 days to get this bundle working, but it still doesn't authenticate me.
First off, I had to rename all the namespaces in /Sso since all the classes don't have the Sso prefix.
This caused a lot of "class not found" and "method not found" errors.

Now I have no errors, but after authentication it seems like nothing is done with the returned token.
I just keep getting the external login URL because I'm not an authenticated user.
When I set the login_action to false so it redirects immediately, it causes an infinite loop since I am authenticated on the CAS server. So the server will keep sending the token and the bundle will keep redirecting to the login..

So I was wondering if this bundle is actually ready for use yet or still in initial development.

Kind Regards,
Christian Vermeulen

Login check, login

Hello,
I'm a newbie with Symfony 2 and I'm currently trying to use the ssoauth bundle. I have a few problems: first, when I try to go to one of my webpages, a box tells me:
"An error occurred while loading the web debug toolbar (500: Internal Server Error).
Do you want to open the profiler?"
If I click on the Cancel button, the box disappears. Then every webpage is replaced with this text:
"You need to authenticate
A Token was not found in the SecurityContext.
Follow this link to authenticate with external server : https://xxx.fr/xxx-cas-server/login?service=xxxx"

I click on the link, I log in, but then Symfony goes to app_dev/login_check, which is a totally blank page.

What should I do so that I don't see the error box again? And why doesn't it redirect me to the webpage I asked for first instead of a blank page?
Here is my config:

security.yml

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        in_memory:
            memory:
                users:
                    user:  { password: userpass, roles: [ 'ROLE_USER' ] }
                    admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }

    firewalls:
        my_firewall:
            trusted_sso:
                manager: admin_sso
                login_action: BeSimpleSsoAuthBundle:TrustedSso:login
                logout_action: BeSimpleSsoAuthBundle:TrustedSso:logout
                create_users: true
                created_users_roles: [ROLE_USER, ROLE_ADMIN]

    access_control:
        #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }

routing.yml

blogger_blog:
    resource: "@BloggerBlogBundle/Resources/config/routing.yml"
    prefix: /
login:
    pattern: /login
logout:
    pattern: /logout
login_check:
    pattern: /login_check

config.yml

imports:
    - { resource: parameters.yml }
    - { resource: security.yml }

framework:
    #esi: ~
    #translator: { fallback: "%locale%" }
    secret: "%secret%"
    router:
        resource: "%kernel.root_dir%/config/routing.yml"
        strict_requirements: ~
    form: ~
    csrf_protection: ~
    validation: { enable_annotations: true }
    templating:
        engines: ['twig']
        #assets_version: SomeVersionScheme
    default_locale: "%locale%"
    trusted_hosts: ~
    trusted_proxies: ~
    session:
        # handler_id set to null will use default session handler from php.ini
        handler_id: ~
    fragments: ~
    http_method_override: true

# Twig Configuration
twig:
    debug: "%kernel.debug%"
    strict_variables: "%kernel.debug%"

# Assetic Configuration
assetic:
    debug: "%kernel.debug%"
    use_controller: false
    bundles: [ ]
    #java: /usr/bin/java
    filters:
        cssrewrite: ~
        #closure:
        #    jar: "%kernel.root_dir%/Resources/java/compiler.jar"
        #yui_css:
        #    jar: "%kernel.root_dir%/Resources/java/yuicompressor-2.4.7.jar"

# Doctrine Configuration
doctrine:
    dbal:
        driver: "%database_driver%"
        host: "%database_host%"
        port: "%database_port%"
        dbname: "%database_name%"
        user: "%database_user%"
        password: "%database_password%"
        charset: UTF8
        # if using pdo_sqlite as your database driver, add the path in parameters.yml
        # e.g. database_path: "%kernel.root_dir%/data/data.db3"
        # path: "%database_path%"

    orm:
        auto_generate_proxy_classes: "%kernel.debug%"
        auto_mapping: true

# Swiftmailer Configuration
swiftmailer:
    transport: "%mailer_transport%"
    host: "%mailer_host%"
    username: "%mailer_user%"
    password: "%mailer_password%"
    spool: { type: memory }

be_simple_sso_auth:
    admin_sso:
        protocol:
            id: cas
            version: 2
        server:
            id: cas
            login_url: https://xxx.fr/xxxx-cas-server/login
            logout_url: https://xxx.fr/xxx-cas-server/logout
            validation_url: https://xxxx.fr/xx-cas-server/serviceValidate

Thank you.

Enable a user on CAS authentication

Hi,
I need to enable a user on CAS authentication.
I've put my code in:

    BeSimple\SsoAuthBundle\Security\Core\Authentication\Provider\SsoAuthenticationProvider.php

Is it the best way?

Thanks.

using the create_user method in the UserFactoryInterface implemented.

Hello,

I don't have a user table in my project, and authentication is done simply with the CAS server. I used a user provider which implements the UserFactoryInterface to run the create_user function.
So, first of all, is it the best way to authenticate a user without a user provider like a user table?
If so, then I return a usernameNotFoundException in the loaduserbyusername function to run the create_user function. In this function I create and return a user entity, but it does not work. The create_user function runs, but I can't authenticate.

Thanks for your help.

William.

CAS ticket validation failed if made by file_get_contents()

Hi,

The validation of the CAS ticket works correctly if the php-curl module is installed.
If php-curl is not installed, the system uses the file_get_contents() function, but this generates an exception and a 500 HTTP error code.

Exception text:
"file_get_contents(https://cas.XXXXXX.YY/serviceValidate?service=http%3A%2F%2F127.0.0.1%2Fapp_dev.php%2Fprofil%2Flogin_check&amp;ticket=ST-ZZZZZZZZZZZZZZZZZZZZZZ): failed to open stream: operation failed"

The problem is due to the replacement of the "&" character in the URL by its HTML entity version (&amp;).

Best regards.
David.
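
The failure reported above, reproduced as an added example (not the bundle's code; how the bundle builds its URL is not shown on the page). It assumes one common way a PHP application ends up with "&amp;" in a query string, the arg_separator.output ini setting, and shows a builder that pins the separator; the function names, host and ticket value are constructed.

```php
<?php
// Added example, not the bundle's code. Function names, the CAS host and the
// ticket value are constructed for illustration.

/**
 * Build a CAS serviceValidate URL with a literal "&" between parameters.
 */
function buildValidationUrl($validationUrl, $serviceUrl, $ticket)
{
    // The third argument pins the separator. Without it, http_build_query()
    // falls back to the arg_separator.output ini setting, which may be "&amp;".
    $query = http_build_query(
        array('service' => $serviceUrl, 'ticket' => $ticket),
        '',
        '&'
    );
    $glue = (strpos($validationUrl, '?') === false) ? '?' : '&';

    return $validationUrl . $glue . $query;
}

/**
 * Return the parameter names a server would read from the URL's query string
 * when it splits on "&", as HTTP servers do.
 */
function queryParameterNames($url)
{
    $query = (string) parse_url($url, PHP_URL_QUERY);
    $names = array();
    foreach (explode('&', $query) as $pair) {
        if ($pair === '') {
            continue;
        }
        $parts = explode('=', $pair, 2);
        $names[] = urldecode($parts[0]);
    }

    return $names;
}

// Constructed inputs.
$validationUrl = 'https://cas.example.org/serviceValidate';
$serviceUrl    = 'http://127.0.0.1/app_dev.php/profil/login_check';
$ticket        = 'ST-constructed-0001';

// Simulate a php.ini that emits HTML-escaped separators.
ini_set('arg_separator.output', '&amp;');

// Separator taken from the ini setting: the second parameter is no longer
// named "ticket" once the server splits the query string.
$implicit = $validationUrl . '?' . http_build_query(
    array('service' => $serviceUrl, 'ticket' => $ticket)
);

// Separator pinned to "&": both parameters keep their names.
$explicit = buildValidationUrl($validationUrl, $serviceUrl, $ticket);

foreach (array('implicit' => $implicit, 'explicit' => $explicit) as $label => $url) {
    printf("%s: %s\n  parameters: %s\n", $label, $url, implode(', ', queryParameterNames($url)));
}
```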

How to get attributes from CAS while using this bundle?

Hi,

I seem to have gotten it working (at least for the authentication part). I am able to see my username in the debug toolbar, however I am still at a loss of how I can use the other attributes that are provided by CAS such as email, id, address, etc.

Thanks!

need help about the /login_check

Hello,

Do we have to write the loginAction() function expected by the /login_check path,
or is there a function already written for this job in the bundle?

Thanks,
Benoît

The bundle asks two times to the serviceValidate

I get this from my apache log after I returned from the CAS validation:

::1 - - [15/Jan/2012:10:27:26 +0100] "GET /simplesaml/module.php/casserver/login.php?service=http%3A%2F%2Flocalhost%2F%7Esergio%2Fconsigna%2Fweb%2Fapp_dev.php%2Flogin_check HTTP/1.1" 302 723
::1 - - [15/Jan/2012:10:27:26 +0100] "GET /simplesaml/module.php/casserver/serviceValidate.php?service=http%3A%2F%2Flocalhost%2F%7Esergio%2Fconsigna%2Fweb%2Fapp_dev.php%2Flogin_check&ticket=ST-607b07a3fb5c1aa87a2af35e64a19f46837078611f HTTP/1.1" 200 276
::1 - - [15/Jan/2012:10:27:26 +0100] "GET /simplesaml/module.php/casserver/serviceValidate.php?service=http%3A%2F%2Flocalhost%2F%7Esergio%2Fconsigna%2Fweb%2Fapp_dev.php%2Flogin_check&ticket=ST-607b07a3fb5c1aa87a2af35e64a19f46837078611f HTTP/1.1" 200 276
::1 - - [15/Jan/2012:10:27:26 +0100] "GET /~sergio/consigna/web/app_dev.php/login_check?ticket=ST-607b07a3fb5c1aa87a2af35e64a19f46837078611f HTTP/1.1" 302 565

The bundle is calling the validation service two times, and this is a problem for me because the CAS server removes the ticket after the first access. Anyway, I guess this should not happen.

The first time is in SsoAuthBundle/Security/Http/Firewall/TrustedSsoAuthenticationListener.php and the second is in SsoAuthBundle/Security/Core/Authentication/Token/SsoToken.php
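
A way to spot this pattern in an access log, as an added example that is not part of the original issue or the bundle: it groups serviceValidate requests by ticket and reports any ticket validated more than once. The function names and the sample log lines are constructed, modelled on the Apache lines quoted above.

```php
<?php
// Added example, not part of the original issue or the bundle. Function names
// and log lines are constructed for illustration.

/**
 * Map each ticket to the (1-based) log line numbers where it was sent to a
 * serviceValidate endpoint.
 */
function ticketValidationsByTicket(array $logLines)
{
    $seen = array();
    foreach ($logLines as $index => $line) {
        // Request part of the common/combined log format: "METHOD target HTTP/x.y"
        if (!preg_match('/"(?:GET|POST) (\S+) HTTP\/[\d.]+"/', $line, $match)) {
            continue;
        }
        $path  = parse_url($match[1], PHP_URL_PATH);
        $query = parse_url($match[1], PHP_URL_QUERY);
        if (!is_string($path) || !is_string($query)) {
            continue;
        }
        if (stripos($path, 'serviceValidate') === false) {
            continue;
        }
        parse_str($query, $params);
        if (!isset($params['ticket']) || !is_string($params['ticket'])) {
            continue;
        }
        $seen[$params['ticket']][] = $index + 1;
    }

    return $seen;
}

/**
 * Keep only tickets that were validated more than once.
 */
function repeatedValidations(array $logLines)
{
    return array_filter(
        ticketValidationsByTicket($logLines),
        function ($lineNumbers) {
            return count($lineNumbers) > 1;
        }
    );
}

// Constructed sample: one ticket validated twice, one validated once.
$sampleLog = array(
    '::1 - - [15/Jan/2012:10:27:26 +0100] "GET /cas/login?service=http%3A%2F%2Fapp.example.test%2Flogin_check HTTP/1.1" 302 723',
    '::1 - - [15/Jan/2012:10:27:26 +0100] "GET /cas/serviceValidate?service=http%3A%2F%2Fapp.example.test%2Flogin_check&ticket=ST-constructed-aaa HTTP/1.1" 200 276',
    '::1 - - [15/Jan/2012:10:27:26 +0100] "GET /cas/serviceValidate?service=http%3A%2F%2Fapp.example.test%2Flogin_check&ticket=ST-constructed-aaa HTTP/1.1" 200 276',
    '::1 - - [15/Jan/2012:10:27:26 +0100] "GET /app_dev.php/login_check?ticket=ST-constructed-aaa HTTP/1.1" 302 565',
    '::1 - - [15/Jan/2012:10:31:02 +0100] "GET /cas/serviceValidate?service=http%3A%2F%2Fapp.example.test%2Flogin_check&ticket=ST-constructed-bbb HTTP/1.1" 200 276',
);

foreach (repeatedValidations($sampleLog) as $ticket => $lineNumbers) {
    printf("%s validated %d times (log lines %s)\n", $ticket, count($lineNumbers), implode(', ', $lineNumbers));
}
```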

Class 'Buzz\Client\Client' not found

Hello,

I'm trying BeSimpleSsoAuthBundle but I have this error :
"Class 'Buzz\Client\Client' not found"

I installed the Buzz library, but I can't find the Client class; I found clientInterface and abstract Client.

Thanks for your help.

use of is_granted with twig

Hello,

I'm not absolutely sure this is related to BeSimpleSsoAuthBundle, but I suspect it is :

In my twig template, I call this in the footer :

{% if is_granted('ROLE_ALLOWED_TO_SWITCH') %}
    some text
{% endif %} 

I have 2 firewalls :

  • one using this bundle
  • one using FosUserBundle's

The call to is_granted works well when accessing a page controlled by FosUserBundle's firewall. But when trying on the other firewall, I get this error :

Fatal error: Maximum function nesting level of '500' reached, aborting!

And in symfony's dev.log file, I get a lot of these :

[2012-03-09 11:07:46] security.INFO: Authentication exception occurred; redirecting to authentication entry point (The security context contains no authentication token. One possible reason may be that there is no firewall configured for this URL.) [] []
[2012-03-09 11:07:46] security.DEBUG: Calling Authentication entry point [] []
[2012-03-09 11:07:46] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelRequest". [] []
[2012-03-09 11:07:46] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\FrameworkBundle\EventListener\RouterListener::onEarlyKernelRequest". [] []
[2012-03-09 11:07:46] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\FrameworkBundle\EventListener\SessionListener::onKernelRequest". [] []
[2012-03-09 11:07:46] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\Security\Http\Firewall::onKernelRequest". [] []
[2012-03-09 11:07:46] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\FrameworkBundle\EventListener\RouterListener::onKernelRequest". [] []
[2012-03-09 11:07:46] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\AsseticBundle\EventListener\RequestListener::onKernelRequest". [] []
[2012-03-09 11:07:46] event.DEBUG: Notified event "kernel.controller" to listener "Symfony\Bundle\FrameworkBundle\DataCollector\RequestDataCollector::onKernelController". [] []
[2012-03-09 11:07:46] event.DEBUG: Notified event "kernel.controller" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\ControllerListener::onKernelController". [] []
[2012-03-09 11:07:46] event.DEBUG: Notified event "kernel.controller" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\ParamConverterListener::onKernelController". [] []
[2012-03-09 11:07:46] event.DEBUG: Notified event "kernel.controller" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\TemplateListener::onKernelController". [] []
[2012-03-09 11:07:46] event.DEBUG: Notified event "kernel.controller" to listener "JMS\SecurityExtraBundle\Controller\ControllerListener::onCoreController". [] []

Do you think it's a problem with BeSimpleSsoAuthBundle ?
And do you have any idea about how to deal with that ?

Thanks in advance
Regards

Forced SSLv3

Hi,

This bundle forces the SSLv3 option on cURL. With the POODLE attack, more and more servers are disabling SSLv3, which means this will start generating connection errors.

What's the reasoning behind forcing SSLv3? If we're forcing protocols, shouldn't we be forcing TLSv1 (constant 1)?

cas ssl validation problem

Hello,

I've tried to use this bundle to authenticate against this cas server : https://sso.paris.iufm.fr

And I've got this problem :

SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I don't see what is wrong with this certificate. Maybe curl's database doesn't know TERENA certificates?

Temporary solution: edit Curl.php in buzz library, and add line 143:
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);

It would be useful to be able to configure that via an option.

Regards
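
For the two cURL issues above (forced SSLv3, and turning off CURLOPT_SSL_VERIFYPEER to get past an unknown CA), an added example that is not code from the bundle or from Buzz: it shows the weak option set beside one that keeps verification on and points cURL at a CA bundle containing the issuing CA, plus a small audit over both. The function names and the CA bundle path are assumptions.

```php
<?php
// Added example, not code from the bundle or from Buzz. Function names and
// the CA bundle path are assumptions for illustration.

/**
 * cURL options for calling a CAS validation URL with the certificate checked.
 */
function verifiedTlsOptions($caBundlePath)
{
    return array(
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,           // verify the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,              // verify the name in the certificate
        CURLOPT_CAINFO         => $caBundlePath,  // PEM bundle that includes the issuing CA
        CURLOPT_SSLVERSION     => CURL_SSLVERSION_TLSv1_2,
        CURLOPT_FOLLOWLOCATION => false,
    );
}

/**
 * List the settings in a cURL option array that weaken the TLS connection.
 */
function auditTlsOptions(array $options)
{
    $findings = array();
    if (array_key_exists(CURLOPT_SSL_VERIFYPEER, $options) && !$options[CURLOPT_SSL_VERIFYPEER]) {
        $findings[] = 'CURLOPT_SSL_VERIFYPEER is off: any certificate is accepted';
    }
    if (array_key_exists(CURLOPT_SSL_VERIFYHOST, $options) && (int) $options[CURLOPT_SSL_VERIFYHOST] !== 2) {
        $findings[] = 'CURLOPT_SSL_VERIFYHOST is not 2: the host name is not checked';
    }
    if (isset($options[CURLOPT_SSLVERSION])
        && in_array($options[CURLOPT_SSLVERSION], array(CURL_SSLVERSION_SSLv2, CURL_SSLVERSION_SSLv3), true)) {
        $findings[] = 'CURLOPT_SSLVERSION forces SSLv2/SSLv3';
    }

    return $findings;
}

/**
 * Fetch a validation response over verified TLS. Needs network access, so it
 * is defined here but not called by the demo below.
 */
function fetchValidationResponse($url, $caBundlePath)
{
    if (!is_readable($caBundlePath)) {
        throw new InvalidArgumentException('CA bundle not readable: ' . $caBundlePath);
    }
    $curl = curl_init($url);
    curl_setopt_array($curl, verifiedTlsOptions($caBundlePath));
    $body = curl_exec($curl);
    if ($body === false) {
        throw new RuntimeException(sprintf('cURL error %d: %s', curl_errno($curl), curl_error($curl)));
    }

    return $body;
}

// The settings described in the two issues, side by side with the verified set.
$weak = array(
    CURLOPT_SSLVERSION     => CURL_SSLVERSION_SSLv3,
    CURLOPT_SSL_VERIFYPEER => false,
);
$hardened = verifiedTlsOptions('/etc/ssl/certs/ca-bundle-with-issuer.pem'); // assumed path

foreach (array('weak' => $weak, 'hardened' => $hardened) as $label => $options) {
    $findings = auditTlsOptions($options);
    printf("%s: %s\n", $label, $findings ? implode('; ', $findings) : 'no findings');
}
```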

Is this bundle still alive ? Redirect to login page after serviceValidate

Hello,

I'm trying to make this bundle work with SF 2.1, but can't. My configuration is something like this:

security:
    firewalls:
        secured:
            pattern: ^/secured/.*$
            trusted_sso:
                manager: admin_sso
                login_action: false
                logout_action: false
                create_users: true
                created_users_roles: [ROLE_USER, ROLE_ADMIN]
                check_path: /secured/login_check
                login_path: /login

be_simple_sso_auth:
    admin_sso:
        protocol:
            id: cas
            version: 2
        server:
            id: cas
            login_url: http://localhost:8888/login
            logout_url: http://localhost:8888/logout
            validation_url: http://localhost:8888/serviceValidate

But I'm redirected to the login page after login success in my CAS server. Is there a chance to make this bundle work, or are there any alternatives?

Thanks.

Single Sign-out

How can I implement single sign-out? For example in phpCAS by calling the
phpCAS::handleLogoutRequests(false); before checking for authentication.

Thanks in advance.

Call to a member function validateCredentials() on a non-object in /webapps/symfony-test/vendor/bundles/BeSimple/SsoAuthBundle/Security/Core/Authentication/Token/SsoToken.php on line 39

Hi,

I installed this bundle.

My security.yml :
security:
    factories:
        - "%kernel.root_dir%/../vendor/bundles/BeSimple/SsoAuthBundle/Resources/config/security_factories.xml"
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        dav2\TestBundle\Entity\User: plaintext

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        #in_memory:
        #    users:
        #        user:  { password: userpass, roles: [ 'ROLE_USER' ] }
        #        admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }

        user_db:
            entity: { class: dav2\TestBundle\Entity\User, property: username }

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        my_firewall:
            pattern: ^/
            trusted_sso:
                manager: my_manager
                login_action: false
                logout_action: false

    access_control:
        - { path: ^/crud, roles: ROLE_ADMIN }

I have this error with URL ^/crud (access_control); the other URLs are OK.
If I use the provider "in-memory" and not "user_db", I don't have this problem.

Thanks for your help.

Exception thrown when user needs to be re-authenticated

Looks like #16 references this issue, but the "fix" doesn't appear to actually be a fix. I think there's a real bug present when a user needs to be re-authenticated.

My user class implements EquatableInterface and I have a method isEqualTo which determines if the serialized User object is the same as the refreshed User object. The behavior of comparing these two objects is described towards the bottom of this Cookbook page.

When the user has indeed changed, like a new role being added, my isEqualTo method properly returns false. However, I then get the following exception:

FatalErrorException: Error: Call to a member function validateCredentials() on a non-object in /Users/bkosborne/Sites/test/vendor/besimple/sso-auth-bundle/BeSimple/SsoAuthBundle/Security/Core/Authentication/Provider/SsoAuthenticationProvider.php line 78

Looks like the $token that's passed to authenticate on SsoAuthenticationProvider does not have its $manager property set. Not sure why, I've been struggling to understand the complexities of the Security component for a few days now.

get login and logout url for twig

Hello,

How can we get, with this bundle, the login and logout path or url for rendering in twig ?

I tried to do path('login') because I thought it was managed by the bundle but they say a controller is required.

Thank you,

Jérémy

Logout problem

Hello,

I'm trying to use BeSimpleSsoAuthBundle along with FOSUserBundle and FR3DLdapBundle. It works almost fine but I got a problem when I log out.
Once logged out, I try to log in again but I get the famous "The controller must return a response (null given). Did you forget to add a return statement somewhere in your controller?" on login_check.
Actually, if I clear the cache and try to log in, I don't have any problem.
But if I try to log in after having logged out, without clearing the cache in the meantime, I come out with the exception above.

Am I at the right place to ask this question? Anyway, thanks in advance for your help.

How to configure BeSimpleSsoAuthBundle

I'm trying to use this bundle in a project but it is giving me some problems.

#config.yml
    be_simple_sso_auth:
        admin_sso:
            protocol:
                id: cas
                version: 2
            server:
                id: cas
                login_url: https://cas.XXX.com/ID/login
                logout_url: https://cas.XXX.com/ID/logout
                #validation_url: https://cas.XXX.com/ID/serviceValidate
# parameters.yml
parameters:
    be_simple.sso_auth.client.option.curlopt_ssl_verifypeer.value: false
#security.yml
    security:

        providers:
            # Administrators provider
            administradores:
                memory:
                    users:
                        admin: { password: 123456, roles: ROLE_ADMIN}

        firewalls:
            # Backend
            backend:
                pattern: ^/backend/.*$
                trusted_sso:
                    manager: admin_sso
                    login_action: false #BeSimpleSsoAuthBundle:TrustedSso:login
                    logout_action: false #BeSimpleSsoAuthBundle:TrustedSso:logout
                    create_users: true
                    created_users_roles: [ROLE_USER, ROLE_ADMIN]
                    check_path: /backend/login_check
                    login_path: /backend/login
                    use_referer: true

        access_control:
            - { path: ^/backend, roles: ROLE_ADMIN }

I created this memory provider because otherwise I get this error message:

InvalidConfigurationException: The child node "providers" at path "security" must be configured.

Then when I access /backend it redirects to the login URL https://cas.XXX.com/ID/login. Up to here all is right! But when I start a session it redirects to:

/backend/login_check?ticket=ST-1383036359rD96A55DD1B77B754D4
and I get an exception:

<url> malformed
500 Internal Server Error - ClientException

I know that is because of the "?ticket=ST-1383036359rD96A55DD1B77B754D4" but I don't know how to solve it.

thanks!

CheckUrl on logout, the logout config is not used

Hi,
Thx for the great job on this plugin 🍺

I'm having an issue about the logout config. Here is mine:

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        my_firewall:
            pattern: ^/
            anonymous: ~
            logout:
                path:   /secured/logout
                target: /
            trusted_sso:
                manager: websso
                login_action: false
                logout_action: false
                login_path: /secured/login
                check_path: /secured/check
                always_use_default_target_path: true
                default_target_path: /
                failure_path: /secured/logout

The logout target path is not used. In fact, on logout, it's the check_url path passed to my SSO. So I'm redirected to a 404 page: http://myserver/secured/check (without token, I get a 404).

I think the issue is in the Cas Server class:

class Server extends AbstractServer
{
    /**
     * @return string
     */
    public function getLogoutUrl()
    {
        return sprintf('%s?service=%s', parent::getLogoutUrl(), urlencode($this->getCheckUrl()));
    }

As you can see, the "CheckUrl" is used for logout. What I need after a logout is to be redirected to the homepage.
I don't know either whether the 404 error on my check URL is normal; maybe that's the real bug here?

Authentication problem

Hi,
I try to use the SsoAuthBundle but when I log in I'm immediately logged out. In the log file I have:

[2011-12-08 11:33:05] security.INFO: Authentication request failed: Authentication has not been validated by SSO provider. [] []
[2011-12-08 11:33:05] security.DEBUG: Redirecting to /secured/logout [] []

I searched the code but I don't understand what's wrong. Does anybody have an idea?

Manually create token for functional tests?

I'm trying to find the best approach to setup functional tests for my app that uses this bundle. One of the approaches in the Symfony docs is to manually create a security token and then assign it to the security context.

The token used by this bundle is a bit more complicated than the standard UsernamePasswordToken used in the example.

How to get userRole ?

Hello,
I need to get the userRole for my app. How do I get it via SsoAuthBundle ?

Thanks.

Exception Error on SsoAuthenticationProvider.php

Exception parameters error in
SsoAuthBundle/Security/Core/Authentication/Provider/SsoAuthenticationProvider.php, line 150:
throw new AuthenticationServiceException($repositoryProblem->getMessage(),$username, 0, $repositoryProblem);

Must be :

        throw new AuthenticationServiceException($repositoryProblem->getMessage().' '.$username, 0, $repositoryProblem);

wrong to hardcode check_path

@jfsimon

From my investigation, it seems like it is incorrect to hard code the check_path parameter for the service validation.

Should the service provided to the validateService method on a CAS server just be the current URL, with the ticket parameter removed?

I am overriding the TrustedSsoAuthenticationListener in our implementation to do the above at the moment.

The reason for this is as follows:
My service url can differ between login requests, to include a redirect parameter to be handled by the symfony2 authentication success handler. Example:

My service provided to the cas server could be:

http://www.domain.dev/auth/login_check?_target_path=https%3A%2F%2Fwww.domain.com%2Fpath

The _target_path can vary.

Symfony would then pick this up after authentication: https://github.com/symfony/symfony/blob/4aab341d59ba217a70e7c114c73ac00a61e75377/src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationSuccessHandler.php#L94

However, due to:

$manager = $this->factory->getManager($this->options['manager'], $request->getUriForPath($this->options['check_path']));

The service is incorrectly passed back to the SSO server for validation, and validation will fail due to non matching services between login and validation. My feeling, as above, is the service should be the current url, minus the ticket parameter.

Thoughts?
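
Added example (not the bundle's code) of the approach proposed in this report: take the URL the browser returned on, remove only the ticket parameter, and send what remains as the service at validation so it matches the service used at login. The function names, the CAS host cas.example.test and the ticket value are constructed for illustration.

```php
<?php
// Added example, not code from BeSimpleSsoAuthBundle.
// Assumed names: splitCasCallback(), buildValidationUrl().

/**
 * Split the callback URL into the CAS service and the ticket.
 * Remaining query pairs are kept byte for byte: re-encoding them (for
 * instance through parse_str + http_build_query) can change the string
 * and make the service differ from the one sent at login.
 */
function splitCasCallback($currentUrl)
{
    // Fragments are not sent to the server, but drop one defensively.
    $hashPos = strpos($currentUrl, '#');
    if ($hashPos !== false) {
        $currentUrl = substr($currentUrl, 0, $hashPos);
    }

    $queryPos = strpos($currentUrl, '?');
    if ($queryPos === false) {
        return array('service' => $currentUrl, 'ticket' => null);
    }

    $base   = substr($currentUrl, 0, $queryPos);
    $kept   = array();
    $ticket = null;

    foreach (explode('&', substr($currentUrl, $queryPos + 1)) as $pair) {
        if ($pair === '') {
            continue;
        }
        $parts = explode('=', $pair, 2);
        if (urldecode($parts[0]) === 'ticket') {
            // Keep the first ticket seen, drop every ticket pair from the service.
            if ($ticket === null) {
                $ticket = isset($parts[1]) ? urldecode($parts[1]) : '';
            }
            continue;
        }
        $kept[] = $pair;
    }

    $service = $base . ($kept ? '?' . implode('&', $kept) : '');

    return array('service' => $service, 'ticket' => $ticket);
}

/** Build the serviceValidate request for a service/ticket pair. */
function buildValidationUrl($validationUrl, $service, $ticket)
{
    $query = http_build_query(array('service' => $service, 'ticket' => $ticket), '', '&');

    return $validationUrl . '?' . $query;
}

// Service URL from the report; the ticket value is constructed.
$loginService = 'http://www.domain.dev/auth/login_check'
    . '?_target_path=https%3A%2F%2Fwww.domain.com%2Fpath';
$callback  = $loginService . '&ticket=ST-constructed-123';
$hardcoded = 'http://www.domain.dev/auth/login_check'; // check_path only

$parts = splitCasCallback($callback);

// Derived service equals the login service; the hard-coded one does not.
var_dump($parts['service'] === $loginService);
var_dump($hardcoded === $loginService);
var_dump($parts['ticket']);

echo buildValidationUrl(
    'https://cas.example.test/serviceValidate', // constructed CAS host
    $parts['service'],
    $parts['ticket']
), "\n";
```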

Too many redirections

Hi everyone.

I just setup symfony and this bundle, I tried to configure it but it seems I am doing something wrong.

my security.yml contains :

    my_firewall:
        pattern: ^/
        trusted_sso:
            manager: admin_sso
            create_users: false
            login_action: false
            logout_action: false
            login_path: /login
            check_path: /login_check

my routing.yml contains :

    login:
        pattern:   /login

    login_check:
        pattern:   /login_check

and my config.yml contains :

    be_simple_sso_auth:
        admin_sso:
            protocol:
                id: cas
                version: 2
            server:
                id: cas
                login_url: https://cas.*.fr/login
                logout_url: https://cas.*.fr/logout
                validation_url: https://cas.*.fr/serviceValidate

So as defined in my security.yml, as soon as I try to browse my application, I am redirected to my cas login url, this is perfect. Anyway, when I login or when I am already logged, I have an error from my browser because of too many redirections :

    cas login --> sf login_check --> sf login --> cas login ...

Thank you in advance for any help you can provide me !

Compatibility with Symfony master

The way to register security factories changed in Symfony master. Instead of asking the end-user to put a link to a file in its security config, each bundle can now register factories in its build method.

To support master, you have 2 choices:

  • create different branches. More difficult to maintain if you refactor heavily the bundle but cleaner in the code
  • add some tricky logic in build to check if the method is available in the security extension (i.e. you are in master)

What way do you prefer ?

I can provide help for the implementation if you need it.

Redirection problem

Hello,

I installed this bundle and, after many twists and turns, everything seems to work.
At login, it does check for the token, retrieves my user and sets it in the session, but at the moment of the redirect to my home page, which I configured in security.yml in the target_path, I am redirected but in a new session.
So I lose my authentication.
The response returned by:

$response = $this->successHandler->onAuthenticationSuccess($request, $token);
is a 302 redirect.
Is that normal?
Has anyone already run into this case, or have an idea?

Thanks in advance for your answers, as I have been working on this for quite a while now.

<url> malformed 500 Internal Server Error - ClientException

Dear, I have the following configuration:

"require" : {
    "php" : ">=5.3.3",
    "symfony/symfony" : "2.3.*",
    "doctrine/orm" : ">=2.2.3,<2.4-dev",
    "doctrine/doctrine-bundle" : "1.2.*",
    "twig/extensions" : "1.0.*",
    "symfony/assetic-bundle" : "2.3.*",
    "symfony/swiftmailer-bundle" : "2.3.*",
    "symfony/monolog-bundle" : "2.3.*",
    "sensio/distribution-bundle" : "2.3.*",
    "sensio/framework-extra-bundle" : "2.3.*",
    "sensio/generator-bundle" : "2.3.*",
    "incenteev/composer-parameter-handler" : "~2.0",
    "besimple/sso-auth-bundle" : "1.0.*@dev"
},

"config.yml"

be_simple_sso_auth:
    admin_sso:
        protocol:
            id: cas
            version: 2
        server:
            id: cas
            login_url: https://{dominioServerCAS}/service-auth/login #https://cas.server.tld/login
            logout_url: https://{dominioServerCAS}/service-auth/logout #https://cas.server.tld/logout
            #validation_url: #https://cas.server.tld/serviceValidate

"security"

intranet:
    pattern: ^/cas/.*$
    trusted_sso:
        manager: admin_sso
        login_action: false #BeSimpleSsoAuthBundle:TrustedSso:login
        logout_action: false #BeSimpleSsoAuthBundle:TrustedSso:logout
        login_path: /cas/login
        check_path: /cas/login_check
        #create_users: true
        #created_users_roles: [ROLE_USER, ROLE_ADMIN]

"parameters.yml"
.
.
be_simple.sso_auth.client.option.curlopt_ssl_verifypeer.value: false

The system redirects me correctly to the CAS server, and when I return and authenticate to my application (with the correct CAS ticket), I get the following error:

malformed
500 Internal Server Error - ClientException

"Stack Trace"

in C:\devweb\wamp\www\symfony\path\vendor\kriswallsmith\buzz\lib\Buzz\Client\Curl.php at line 29 -

            $errorMsg = curl_error($this->lastCurl);
            $errorNo  = curl_errno($this->lastCurl);
            throw new ClientException($errorMsg, $errorNo);
        }
        static::populateResponse($this->lastCurl, $data, $response);

"Logs"

CRITICAL - Uncaught PHP Exception Buzz\Exception\ClientException: " malformed" at C:\devweb\wamp\www\symfony\path\vendor\kriswallsmith\buzz\lib\Buzz\Client\Curl.php line 29

I hope you can help, but I think it is a bug in the bundle.

Lucas.-

Something wrong with a based provider

Hello,

Since my first issue, my understanding of the Symfony security mechanism is better, maybe correct.

The bundle works pretty fine with an "in_memory provider", I can match paths with roles in the access_control with success, I'm logged in and authenticated

But with a based provider (mysql and pdo_mysql driver) which is working with 2 entities; User and Role (ManyToMany)
without any access_control properties enabled I'm logged in but not Authenticated, and an important point, roles are correctly loaded (I've seen it in the profiler).
Nevertheless, when I use any access_control properties, I've got a php fatal error which concerns the bundle:


[code]
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP Fatal error: Call to a member function validateCredentials() on a non-object in /home/bdelmotte/www/sf2/vendor/besimple/sso-auth-bundle/BeSimple/SsoAuthBundle/Security/Core/Authentication/Provider/SsoAuthenticationProvider.php on line 78, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP Stack trace:, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 1. {main}() /home/bdelmotte/www/sf2/web/app_dev.php:0, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 2. Symfony\Component\HttpKernel\Kernel->handle() /home/bdelmotte/www/sf2/web/app_dev.php:28, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 3. Symfony\Bundle\FrameworkBundle\HttpKernel->handle() /home/bdelmotte/www/sf2/app/bootstrap.php.cache:617, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 4. Symfony\Component\HttpKernel\HttpKernel->handle() /home/bdelmotte/www/sf2/app/bootstrap.php.cache:1566, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 5. Symfony\Component\HttpKernel\HttpKernel->handleRaw() /home/bdelmotte/www/sf2/app/bootstrap.php.cache:1390, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 6. Symfony\Component\HttpKernel\Debug\ContainerAwareTraceableEventDispatcher->dispatch() /home/bdelmotte/www/sf2/app/bootstrap.php.cache:1410, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 7. Symfony\Component\EventDispatcher\ContainerAwareEventDispatcher->dispatch() /home/bdelmotte/www/sf2/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Debug/ContainerAwareTraceableEventDispatcher.php:78, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 8. Symfony\Component\EventDispatcher\EventDispatcher->dispatch() /home/bdelmotte/www/sf2/app/cache/dev/classes.php:4931, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 9. Symfony\Component\HttpKernel\Debug\ContainerAwareTraceableEventDispatcher->doDispatch() /home/bdelmotte/www/sf2/app/cache/dev/classes.php:4713, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 10. call_user_func() /home/bdelmotte/www/sf2/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Debug/ContainerAwareTraceableEventDispatcher.php:139, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 11. Symfony\Component\Security\Http\Firewall->onKernelRequest() /home/bdelmotte/www/sf2/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Debug/ContainerAwareTraceableEventDispatcher.php:139, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 12. Symfony\Component\Security\Http\Firewall\AccessListener->handle() /home/bdelmotte/www/sf2/app/cache/dev/classes.php:5773, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 13. Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager->authenticate() /home/bdelmotte/www/sf2/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php:65, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 14. BeSimple\SsoAuthBundle\Security\Core\Authentication\Provider\SsoAuthenticationProvider->authenticate() /home/bdelmotte/www/sf2/app/cache/dev/classes.php:5959, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security


Is there something due to me behind this problem? Or is it really a problem with the compatibility between the bundle and a based provider?

cordially,
Benoît

loginAction() requires that you provide a value for the "$manager" argument / Symfony 2.5

I've got a problem enabling this library with Symfony 2.5.

When I want to open restricted page - I've got information that I need to be logged in. And there is a link to my CAS server. I can login there but after that - I get this error:

Controller "BeSimple\SsoAuthBundle\Controller\TrustedSsoController::loginAction()" requires that you provide a value for the "$manager" argument (because there is no default value or because there is a non optional argument after this one).

Unable to find the controller for path "/login_check", in some cases

I use Symfony 2.2.11, and the BeSimpleSsoAuth bundle (ref 4ba8ada) for the SSO-CAS authentication.

When I logout, I'm correctly redirected to the logout page of the SSO. Then the SSO redirects me to the /login_check on my webapp and that finally redirects me to the login page. That's (almost) fine for me. The “almost” comes from the fact that I don't understand why I'm redirected to the login_check, rather than the root given that my security.yml file contains:

firewalls:
    people:
        pattern: ^/
        switch_user: true
        trusted_sso:
            manager: my_cas
            login_action: false
            logout_action: false
            create_users: false
        logout:
            path:   /logout
            target: /

access_control:
    - { path: ^/owner/*, roles: ROLE_OWNER }
    - { path: ^/user/*, roles: ROLE_USER }

I thought the target would mean where the logout page should redirect. There is an additional problem: if I happen to log in again from the page I've been redirected to, then I will be directly redirected to /login_check which will give the following error:

Unable to find the controller for path "/login_check". Maybe you forgot to add the matching route in your routing configuration?

But if I directly access to the root of my app (let's say http://localhost/test/web/app_dev.php), I'm being redirected to:

In that case, I access /login_check without any trouble, compared to the other case where I have an error. What is the difference? And, side question, why am I redirected to /login_check after logout?

Thanks!

Bundle still does not appear to be working with Symfony 2.3

In my composer.json:

"besimple/sso-auth-bundle": "*"

../composer.phar update besimple/sso-auth-bundle

Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

Problem 1
- The requested package besimple/sso-auth-bundle could not be found in any version, there may be a typo in the package name.

Potential causes:

Read http://getcomposer.org/doc/articles/troubleshooting.md for further common problems.

User reloaded on Logout page

Hey, great bundle!

I am using this bundle successfully, but I am having trouble configuring the logout page.

I am trying to use the built in functionality to intercept login/logout requests but the logout portion seems to function incorrectly. When a user accesses a logout link in our application, they are brought to the logout redirect page, but all of the user data is still refreshed from our user provider. Symfony shows the user as unauthenticated in the profiler. If the logout page is refreshed, the user data is no longer reloaded and the token is gone. We are loading our user data from an oracle database using doctrine after SSO authentication. Here is my firewall config:

security.yml

providers:
    db_users:
        entity: { class: MyCoreBundle:MyUser}

firewalls:
    dev:
        pattern:  ^/(_(profiler|wdt)|css|images|js)/
        security: false

    login:
        pattern:  ^/login$
        security: false

    firewall:
        pattern: ^/
        trusted_sso:
            manager: my_sso
            login_action: MyCoreBundle:SsoLogin:login
            logout_action: MyCoreBundle:SsoLogin:logout
            login_path: /login
            check_path: /login_check
        logout: true

I can post our User entity and UserProvider, but they are very basic, taken from all the examples. My login/logout actions are different cause we are overriding your controller.

Wrong parameters when Exception thrown

Hello,

AuthenticationServiceException is thrown with bad parameter in the file Security/Core/Authentication/Provider/SsoAuthenticationProvider.php at lines 150 and 177.

There are 4 parameters instead of 3.

Best regards.
David.

Cannot make this working due to do not know how to configure it

I am doing a web project with Symfony2 that involves a CAS server: http://www.jasig.org/cas. Unfortunately I cannot make it work. I have tried several configurations and nothing I do is correct. This is the flow that I am expecting for any user that wants to log in:

  1. A user wants to login in my system
  2. My system redirects somehow the users to the cas server login web page to login with user credentials.
  3. After a valid login, cas server login webpage redirects user back to my system.
  4. My system knows if the user is well logged or not based on protocol mechanisms.

Following your instructions from the rep, here are all my configurations:

For the config.yml

be_simple_sso_auth:
    admin_sso:
        protocol:
            id: cas
            version: 2
        server:
            id: cas
            login_url: https://cas_server.fi/cas/login
            validation_url: https://cas_server.fi/cas/serviceValidate

For the security.yml

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        in_memory:
            memory:
                users:
                    user:  { password: userpass, roles: [ 'ROLE_USER' ] }
                    admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false
        my_firewall:
            pattern: ^/
            anonymous: ~
            trusted_sso:
                manager: admin_sso
                login_action: false
                create_users: true
                created_users_roles: [ROLE_ADMIN]
                check_path: /

The CAS server provided me two .crt files that I have already installed in my Ubuntu 13.10. Or at least that is what I think... However, none of these previous configurations seem to want these certificates, since I cannot specify where the bundle can find them. Anyway, it does not work yet, so this step may be irrelevant.

So, what happens now is the next:

  1. User access to / for first time
  2. My system redirect him to /login (as far as I understand it is the default direction...)

To manage this /login I have in routing.yml in my own bundle:

ss_web_login:
    path: /login
    defaults: { _controller: BeSimpleSsoAuthBundle:TrustedSso:login }

I have checked this controller and it looks like it draws an anchor to "somewhere" (I guess it is the login form of my CAS server).

Let's continue... as I said, the user is being redirected to /login but I get an error:

Controller "BeSimple\SsoAuthBundle\Controller\TrustedSsoController::loginAction()" requires that you provide a value for the "$manager" argument (because there is no default value or because there is a non optional argument after this one).

It happens because the BeSimpleSsoAuthBundle:TrustedSso:login expects different parameters:

public function loginAction(Manager $manager, Request $request, AuthenticationException $exception = null)

But nobody is passing these parameters that it expects. What should I do?

Please, if you have ANY other suggestion about making this work I will really appreciate it.

Thank you so much.

Help needed to make it work ...

Hello,

Sorry to ask the question here, but I am stuck trying to make the bundle work to authenticate against a CAS server.

I am a newbie with Symfony, perhaps I missed something easy... Depending on my tests, my protected application always redirects me to the "/login" or "/login_check" URL with a "No route found" error, after retrieving a PT on my CAS server.

Does anybody have a working conf ?

app/config/security.yml contains :
...
firewalls:
    my_hello:
        pattern: ^/hello/.*$
        trusted_sso:
            manager: my_cas
            login_action: BeSimpleSsoAuthBundle:TrustedSso:login
            logout_action: false

factories:
    - "%kernel.root_dir%/../vendor/bundles/BeSimple/SsoAuthBundle/Resources/config/security_factories.xml"

app/config/config.yml :

be_simple_sso_auth:
    my_cas:
        protocol:
            id: cas
            version: 2
        server:
            id: cas
            login_url: https://cas.xxx.fr/cas/login
            logout_url: https://cas.xxx.fr/cas/logout
            validation_url: https://cas.xxx.fr/cas/serviceValidate

Any help appreciated !

Looping on login action with entity provider...

Hi everyone.

I'm actually working on a project using your bundle with Symfony 2.4. I configured my project as shown in exemple.md. Sadly, it works only with users defined in security.yml (in memory provider).

If I use an entity provider (users defined in database), or if the user doesn't exist, it creates an infinite loop:
login -> cas login -> login_check -> login -> cas login -> ...

Am I doing something wrong ?

config.yml

# Sso Bundle
be_simple_sso_auth: 
    admin_sso:
        protocol:
            id: cas
            version: 2
        server:
            id: cas
            login_url: https://auth.XXX.fr/cas/login
            logout_url: https://auth.XXXfr/cas/logout
            validation_url: https://auth.XXX.fr/cas/serviceValidate

security.yml

encoders:
    MyApp\G2CBundle\Entity\HarpUtilisateur:
        algorithm:        sha1
        encode_as_base64: false
        iterations:       1

role_hierarchy:
    ROLE_ADMIN:       ROLE_USER
    ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

providers:
    in_memory:
        memory:
            users:
                login-test : { password: pwd-test , roles: ROLE_USER }
    in_database:
        entity: { class: MyAppG2CBundle:HarpUtilisateur, property: uid }
firewalls:
    my_firewall:
        pattern: ^/g2c/.*$
        provider : in_database # this cause an infinite loop, it works using in_memory
        trusted_sso:
            manager:             admin_sso
            login_path:          /g2c/login
            check_path:          /g2c/login_check
            default_target_path: /g2c/hello/toto  
            login_action:         false
            logout_action:       false
            create_users:        false
        logout:
            path:   /g2c/logout
            target: /

PS: I put some var_dump() in SsoAuthenticationProvider, the SsoToken is built properly, the user is provided (a MyApp\G2CBundle\Entity\HarpUtilisateur object).

Thank you in advance for any help you can provide me !
