我已经成功实现了github 站点上所述的 FOSUserbundle 。但是,我还需要让我的网站与 BeSimpleSsoAuthBundle 一起使用。
用例是用户可以在站点上注册,但是如果他们有 SSO,他们仍然可以登录(并在不经意间在本地创建用户)。我还根据github 站点安装了 BeSimpleSsoAuthBundle 包
我要做的是向用户显示登录表单并获取这些凭据并针对本地数据库运行它们,如果它们不匹配,则检查 SSO 服务器。如果 SSO 服务器可以使用凭据,然后我会在本地创建用户。
我的安全.yml
security:
encoders:
FOS\UserBundle\Model\UserInterface: sha512
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
fos_userbundle:
id: fos_user.user_provider.username
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
pattern: ^/
form_login:
provider: fos_userbundle
csrf_provider: form.csrf_provider
logout: true
anonymous: true
#anonymous: ~
#http_basic:
# realm: "Secured Demo Area"
my_firewall:
pattern: ^/admin/.*$
trusted_sso:
manager: admin_sso
login_action: BeSimpleSsoAuthBundle:TrustedSso:login
logout_action: BeSimpleSsoAuthBundle:TrustedSso:logout
create_users: true
created_users_roles: [ROLE_USER, ROLE_ADMIN]
access_control:
- { path: ^/demo/secured/hello/admin/, roles: ROLE_ADMIN }
#- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
- { path: ^/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/register, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/resetting, role: IS_AUTHENTICATED_ANONYMOUSLY }
- { path: ^/admin/, role: ROLE_ADMIN }
我的 config.yml:
imports:
- { resource: parameters.yml }
- { resource: security.yml }
framework:
#esi: ~
translator: { fallback: %locale% }
secret: %secret%
router:
resource: "%kernel.root_dir%/config/routing.yml"
strict_requirements: ~
form: ~
csrf_protection: ~
validation: { enable_annotations: true }
templating:
engines: ['twig']
#assets_version: SomeVersionScheme
default_locale: "%locale%"
trusted_proxies: ~
session: ~
fragments: ~
trusted_hosts: ~
# Twig Configuration
twig:
debug: %kernel.debug%
strict_variables: %kernel.debug%
# Assetic Configuration
assetic:
debug: %kernel.debug%
use_controller: false
bundles: [ MainReferralCaptureBundle ]
#java: /usr/bin/java
filters:
cssrewrite: ~
#closure:
# jar: %kernel.root_dir%/Resources/java/compiler.jar
#yui_css:
# jar: %kernel.root_dir%/Resources/java/yuicompressor-2.4.7.jar
# Doctrine Configuration
doctrine:
dbal:
driver: %database_driver%
host: %database_host%
port: %database_port%
dbname: %database_name%
user: %database_user%
password: %database_password%
charset: UTF8
# if using pdo_sqlite as your database driver, add the path in parameters.yml
# e.g. database_path: %kernel.root_dir%/data/data.db3
# path: %database_path%
orm:
auto_generate_proxy_classes: %kernel.debug%
auto_mapping: true
# Swiftmailer Configuration
swiftmailer:
transport: %mailer_transport%
host: %mailer_host%
username: %mailer_user%
password: %mailer_password%
spool: { type: memory }
fos_user:
db_driver: orm # other valid values are 'mongodb', 'couchdb' and 'propel'
firewall_name: main
user_class: Main\ReferralCaptureBundle\Entity\User
#be_simple_sso_auth: ~
be_simple_sso_auth:
admin_sso:
protocol:
id: cas
version: 2
server:
id: cas
login_url: http://cas.server.tld/login
logout_url: http://cas.server.tld/logout
validation_url: http://cas.server.tld/serviceValidate
有人可以帮我做我想做的事吗?
非常感谢提前