eZ Community » Forums » eZ Publish 5 Platform » Authentication with Symfony's X.509...
expandshrink

Authentication with Symfony's X.509 authentication provider.

Authentication with Symfony's X.509 authentication provider.

Monday 26 January 2015 3:41:24 pm

Hello,

I'm trying to enable TLS-based authentication on an eZ Publish website by using Symfony's X509AuthenticationListener.

I've added an "x509" section to the settings in "ezpublish/security.yml" :

     firewalls:
        ezpublish_front:
            pattern: ^/
            anonymous: ~
            form_login:
                require_previous_session: false
            logout: ~
            x509:
                provider: "ezpublish"
                user: "SSL_CLIENT_S_DN_CN"
                credentials: "SSL_CLIENT_S_DN" 

The Web server is set up to verify the client's certificate using a self-signed CA. The client's certificate is signed with the CA and it's Common Name is a valid eZ Publish login.

When I type my site's address, my Web browser prompt me to choose a certificate to authenticate with.

If I click on "Cancel", I'm redirected to the regular login page, which works fine; but if I choose my certificate, I get the following error message:

 An unexpected error has occurred. Please contact the webmaster.
User  'mickael' doesn't have user/login permission to SiteAccess 'inspect_www'  in  D:\dev\versions\2014.11-dev\_sources\vendor\symfony\symfony\src\Symfony\Component\Security\Http\Firewall\ExceptionListener.php  on line 116

Here is the stack trace of the exception caught by the ExceptionListener:

#   Time    Memory      Function    Location
1   0.0500  161600      {main}( )    ...\index.php:0
2   0.1080  1236528     Symfony\Component\HttpKernel\Kernel->handle( ???, ???, ??? )    ...\index.php:87
3   0.7650  13747912    Symfony\Component\HttpKernel\DependencyInjection\ContainerAwareHttpKernel->handle( ???, ???, ??? )    ...\Kernel.php:185
4   0.7670  13750368    Symfony\Component\HttpKernel\HttpKernel->handle( ???, ???, ??? )    ...\ContainerAwareHttpKernel.php:64
5   0.7670  13750408    Symfony\Component\HttpKernel\HttpKernel->handleRaw( ???, ??? )    ...\HttpKernel.php:66
6   0.7710  13775088    Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->dispatch( ???, ??? )    ...\HttpKernel.php:126
7   1.0371  15739776    Symfony\Component\EventDispatcher\ContainerAwareEventDispatcher->dispatch( ???, ??? )    ...\TraceableEventDispatcher.php:112
8   1.0381  15739800    Symfony\Component\EventDispatcher\EventDispatcher->dispatch( ???, ??? )    ...\ContainerAwareEventDispatcher.php:167
9   1.0381  15741304    Symfony\Component\EventDispatcher\EventDispatcher->doDispatch( ???, ???, ??? )    ...\EventDispatcher.php:53
10  1.2721  16658512    call_user_func:{H:\dev\ezp\vendor\symfony\symfony\src\Symfony\Component\EventDispatcher\EventDispatcher.php:164} ( ???, ???, ???, ??? )    ...\EventDispatcher.php:164
11  1.2721  16658536    Symfony\Component\EventDispatcher\Debug\WrappedListener->__invoke( ???, ???, ??? )    ...\EventDispatcher.php:164
12  1.2721  16659104    call_user_func:{H:\dev\ezp\vendor\symfony\symfony\src\Symfony\Component\EventDispatcher\Debug\WrappedListener.php:59} ( ???, ???, ???, ??? )    ...\WrappedListener.php:59
13  1.2721  16659128    Symfony\Component\Security\Http\Firewall->onKernelRequest( ???, ???, ??? )    ...\WrappedListener.php:59
14  1.3201  16998672    Symfony\Component\Security\Http\Firewall\AbstractPreAuthenticatedListener->handle( ??? )    ...\Firewall.php:69
15  13.3748 22064424    Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->dispatch( ???, ??? )    ...\AbstractPreAuthenticatedListener.php:91
16  13.3788 22066136    Symfony\Component\EventDispatcher\ContainerAwareEventDispatcher->dispatch( ???, ??? )    ...\TraceableEventDispatcher.php:112
17  13.3788 22066136    Symfony\Component\EventDispatcher\EventDispatcher->dispatch( ???, ??? )    ...\ContainerAwareEventDispatcher.php:167
18  13.3798 22066440    Symfony\Component\EventDispatcher\EventDispatcher->doDispatch( ???, ???, ??? )    ...\EventDispatcher.php:53
19  13.3808 22067728    call_user_func:{H:\dev\ezp\vendor\symfony\symfony\src\Symfony\Component\EventDispatcher\EventDispatcher.php:164} ( ???, ???, ???, ??? )    ...\EventDispatcher.php:164
20  13.3808 22067752    Symfony\Component\EventDispatcher\Debug\WrappedListener->__invoke( ???, ???, ??? )    ...\EventDispatcher.php:164
21  13.3818 22067864    call_user_func:{H:\dev\ezp\vendor\symfony\symfony\src\Symfony\Component\EventDispatcher\Debug\WrappedListener.php:59} ( ???, ???, ???, ??? )    ...\WrappedListener.php:59
22  13.3818 22067888    eZ\Publish\Core\MVC\Symfony\Security\EventListener\SecurityListener->checkSiteAccessPermission( ???, ???, ??? )    ...\WrappedListener.php:59

Has someone already had this problem ?

Thanks in advance.

Modified on Monday 26 January 2015 3:43:06 pm by Mickaël Raybaud-Roig

No reply yet!

expandshrink

You must be logged in to post messages in this topic!

36 542 Users on board!

Forums menu

Proudly Developed with from