Monday, November 21, 2011

Symfony 2 - User Direct Login / Single Sign On

In applications integration, single sign on is mandatory. In this post, I won't cover how applications integration process. To be more specific, I assume you know how to integrate/share users between multiple applications.

This piece of code bellow will show how to do a login process in symfony 2 programatically for single sign on purpose. But before you can use the following code you have to implement your own custom user class implementing UserInterface for Symfony 2, custom role class implementing RoleInterface and have read Symfony 2 manual about how to setup a firewall in Symfony security configuration file.

The scenario :

We have exisiting web based application called Alice, and I write new application with Symfony 2 called Bob. Now, we want to integrate Bob as part of Alice application. The situation is Alice already have users because it was still used. And Bob will use users from Alice as its users.

The requirements :

Users want to login only one time from Alice login page in order to use both Alice and Bob applications.

The solution :

Flow chart

In above scheme, when a user try to access Bob, it will check for the user's credentials of Alice. If Bob found the user is not authenticated from Alice, it will send a redirect response to Alice login page. If the user is an authenticated user of Alice, then Bob will ask Alice the all the user information it needs and mark the user as an authenticated user in Bob application.

So in Bob authentication validator, we can use the following code to mark the authenticated user of Alice as an authenticated user of Bob.

$token = new UsernamePasswordToken($user, null, $firewall, $user->getRoles());
$session = $this->get('session');

Happy coding (:

Read more!