
[Security] Allow custom user identifier for X509 authenticator #48200

Merged
merged 1 commit into from
Dec 18, 2022

@Spomky Spomky commented Nov 11, 2022

| Q | A |
| --- | --- |
| Branch? | 6.3 |
| Bug fix? | no |
| New feature? | yes |
| Deprecations? | no |
| Tickets | Fix #47354 |
| License | MIT |
| Doc PR | to be created |

This PR allows defining a custom user identifier instead of the hardcoded emailAddress.
It also adds a new option for the firewall configuration:

```yaml
# config/packages/security.yaml
security:
    # ...

    firewalls:
        main:
            # ...
            x509:
                provider: your_user_provider
                user_identifier: CN # default to emailAddress
```

💬 Discussion: user identifier regex changed
Note that the regex is changed. The previous one was able to find an email address as expected, but now that the common name may not contain a @ (or may contain more than one), it is required to update this part.
It does not impact the previously merged PR #33759, but I prefer to highlight the fact that it can now catch invalid email addresses set in emailAddress.
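The regex change discussed above, as an added example that is not part of the original PR description and is not Symfony's code: it compares an email-shaped match with a field-generic match on subject DN strings and validates the result when an email is expected. Both patterns, the helper names and the sample DNs are assumptions constructed for illustration.

```php
<?php
// Added illustration, not Symfony's code. Both patterns are assumptions
// modelled on the behaviour the PR description states.

// Earlier behaviour as described: only an email-shaped emailAddress value matches.
const EMAIL_ONLY_PATTERN = '#emailAddress=([^,/@]++@[^,/]++)#';

/** Hypothetical helper: value of $field in a subject DN string, or null. */
function extractIdentifier(string $dn, string $field = 'emailAddress'): ?string
{
    // Field-generic pattern: any run of characters up to the next "," or "/".
    $pattern = '#'.preg_quote($field, '#').'=([^,/]++)#';

    return preg_match($pattern, $dn, $m) === 1 ? trim($m[1]) : null;
}

/** Hypothetical helper for the email-only matching. */
function extractEmailOnly(string $dn): ?string
{
    return preg_match(EMAIL_ONLY_PATTERN, $dn, $m) === 1 ? $m[1] : null;
}

// Constructed sample subject DNs (comma- and slash-separated forms).
$samples = [
    'CN=alice,OU=Staff,O=Example,emailAddress=alice@example.test',
    '/O=Example/OU=Staff/CN=bob',
    'CN=carol,emailAddress=not-an-email',
];

foreach ($samples as $dn) {
    $cn = extractIdentifier($dn, 'CN');
    $email = extractIdentifier($dn);
    $old = extractEmailOnly($dn);

    // The generic pattern no longer guarantees an email shape, so check
    // the value before handing it to a provider that expects one.
    $valid = $email !== null && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;

    printf("%s\n  CN=%s generic=%s email-only=%s valid-email=%s\n",
        $dn, var_export($cn, true), var_export($email, true),
        var_export($old, true), $valid ? 'yes' : 'no');
}
```

For the third sample the generic match returns a value while the email-only match returns nothing, which is the case the description highlights: a user provider keyed on email addresses should validate the identifier itself.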

@carsonbot added this to the 6.2 milestone Nov 11, 2022
@nicolas-grekas modified the milestones: 6.2, 6.3 Nov 14, 2022
@symfony deleted a comment from carsonbot Nov 14, 2022
@carsonbot changed the title Allow custom user identifier for X509 authenticator [Security] Allow custom user identifier for X509 authenticator Nov 14, 2022

@nicolas-grekas nicolas-grekas left a comment

One minor thing and good to go on my side, thanks.

fabpot commented Dec 18, 2022

Thank you @Spomky.

Successfully merging this pull request may close these issues.

[Security] [Authenticator] X509 authenticator should can use CN as UserIdentifier