The way that I addressed this was to: * Create a custom form for the signin process * In that form, replace the validator (change app_sf_guard_plugin_signin_form) * In the new validator, replace the code that throws an error if the user is not found in the database with code that authenticates against your external mechanism. * In the "external mechanism" create the user if the user does not exist in sf_guard_user, also update the user if the info has changed * return the new user to the validator
I'm still not thrilled with this answer, so if anyone has an alternate solution, I would love to hear it. thanks ashton On Fri, Jan 29, 2010 at 10:00 AM, ashton honnecke <[email protected]> wrote: > Both ways of authentication would be fine, but my main goal is to > allow users to login without requiring them to exist in the > sfGuardUserTable. I'm building a site for a client that has an api > that they want me to use to authenticate users against. I don't want > to have to insert into sf_user_guard just to allow a user to attempt > to login. > > It seems very strange that there would be such a great external > authentication system that then requires that the user already be in > the sf_guard_user table. I assume that I am missing something. > > These guys want to know how to do it as well: > http://www.matthewbull.net/2008/06/29/symfonys-sfguard-plugin-and-ldap/ > > On Fri, Jan 29, 2010 at 5:43 AM, Tom Ptacnik <[email protected]> wrote: >> Of cource you can overwrite the sfGuardAuth module if you don't want >> to use it... I thought that you want to use both ways of >> autentification. >> >> >> On 28 led, 18:38, ashton honnecke <[email protected]> wrote: >>> Thanks! >>> >>> So if I am understanding you, you are telling me that there is no way >>> to do this with the current sfGuardUser setup and that I will need to >>> I create a new module that I use for login. >>> >>> It doesn't seem to me that this is an uncommon request related to the >>> external password check, so It seems odd that I would need to re-write >>> the login in order to do so. >>> >>> Why would I want to make a new module and not just overwrite the >>> executeSignin method in the BasesfGuardAuthActions class? >>> >>> ashton >>> >>> >>> >>> On Thu, Jan 28, 2010 at 6:53 AM, Tom Ptacnik <[email protected]> wrote: >>> > Create an module with "secure: is_secure: false" in which you can do >>> > what you want (create a user in sf_guard_user table ...) >>> >>> > On 28 led, 02:15, ashton <[email protected]> wrote: >>> >> I have my external authentication working, but the problem that I am >>> >> running into is that there needs to be a user in the sfGuardUser table >>> >> that matches the username submit in the login form, otherwise the >>> >> login fails. >>> >>> >> So when I currently add 'return true;' to the top of the external auth >>> >> function, I can login with any password, for users that exist in the >>> >> sf_guard_table, but not with usernames that do not exist. >>> >>> >> I was wondering if there was a solution out there (ideally user >>> >> creation in the sfGuardUser table upon successful external >>> >> authentication), allowing me to perform my external checks even if the >>> >> username does not exist in the sf_guard_user table would work too, >>> >> because then I could just manually create the user if the external >>> >> auth was successful. >>> >>> >> thanks! >>> >> ashton >>> >>> > -- >>> > You received this message because you are subscribed to the Google Groups >>> > "symfony users" group. >>> > To post to this group, send email to [email protected]. >>> > To unsubscribe from this group, send email to >>> > [email protected]. >>> > For more options, visit this group >>> > athttp://groups.google.com/group/symfony-users?hl=en. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "symfony users" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/symfony-users?hl=en. >> >> > -- You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en.
