(>= EZP 5.3, >= EZP Community 2014.01)
This documentation page is compatible with eZ Publish 5.3 / 2014.01
Prior to these versions, authentication was made through legacy stack only, using the venerable
user/login module, with the help of a
Authentication using Symfony Security component
Native and universal
form_login is used, in conjunction to an extended
DaoAuthenticationProvider (DAO stands for Data Access Object), the
RepositoryAuthenticationProvider. Native behavior of
DaoAuthenticationProvider has been preserved, making it possible to still use it for pure Symfony applications.
SecurityController is used to manage all security related actions and is thus used to display login form. It is pretty straight forward and follows all standards explained in Symfony security documentation.
Base template used is
EzPublishCoreBundle:Security:login.html.twig and stands as follows:
The layout used by default is
%ezpublish.content_view.viewbase_layout% (empty layout) but can be configured easily as well as the login template:
Redirection after login
By default, Symfony redirects to the URI configured in
default_target_path. If not set, it will default to
This setting can be set by SiteAccess, via
To use Symfony authentication with eZ Publish, the configuration goes as follows:
See the documentation on access control
It is possible to use the
remember_me functionality. For this you can refer to the Symfony cookbook on this topic.
If you want to use this feature, you must at least extend the login template in order to add the required checkbox:
Login handlers / SSO
Symfony provides native support for multiple user providers. This makes it easy to integrate any kind of login handlers, including SSO and existing 3rd party bundles (e.g. FR3DLdapBundle, HWIOauthBundle, FOSUserBundle, BeSimpleSsoAuthBundle...).
Further explanation can be found in the multiple user providers cookbook entry.
Integration with Legacy
- When not in legacy mode, legacy
user/logoutviews are deactivated.
- Authenticated user is injected in legacy kernel.
Authentication with Legacy SSO Handlers
To be able to use your legacy SSO (Single Sign-on) handlers, use the following config in your
Follow the notes below if you upgrade from 5.2 to 5.3 / 2013.11 to 2014.01
ezpublish/config/security.yml, you must remove
ezpublish/config/routing.yml, you must add
logoutroutes (see above in [Configuration])
- In your templates, change your links pointing to
/user/logoutto appropriate login/login_check/logout routes: