See Permissions for information about the permissions system in Ibexa DXP.
See the Security checklist for a list of security-related issues you should take care of before going live with a project.
To use Symfony authentication with Ibexa DXP, use the following configuration (in
You can fully customize the routes and/or the controller used for login.
However, remember to match
Authentication using Symfony Security component
Authentication is provided using the Symfony Security component.
Native and universal form_login is used, in conjunction with an extended DaoAuthenticationProvider (DAO stands for Data Access Object), the RepositoryAuthenticationProvider. Native behavior of DaoAuthenticationProvider has been preserved, making it possible to still use it for pure Symfony applications.
SecurityController is used to manage all security-related actions and is thus used to display the login form. It follows all standards explained in Symfony security documentation.
The base template used is
The layout used by default is %ibexa.content_view.viewbase_layout% (empty layout) but can be configured together with the login template:
Redirection after login
By default, Symfony redirects to the URI configured in default_target_path. If not set, it defaults to
It is possible to use the "Remember me" functionality. Refer to the Symfony cookbook on this topic.
If you want to use this feature, you must at least extend the login template in order to add the required checkbox:
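A Symfony firewall fragment combining the redirect target and "Remember me" settings described above, as an added example that is not part of the original Ibexa documentation. The firewall name `main` and the `/dashboard` path are assumptions; the option names are Symfony's own.

```yaml
# Added example: fragment for config/packages/security.yaml
security:
    firewalls:
        main:                       # assumption: use your project's firewall name
            form_login:
                # Fixed post-login target; /dashboard is a placeholder path
                default_target_path: /dashboard
            remember_me:
                # Used to sign the cookie; keep it out of version control
                secret: '%kernel.secret%'
                # Cookie lifetime in seconds (one week here); a stolen cookie
                # stays usable for this long
                lifetime: 604800
                # Send the cookie over HTTPS only and hide it from JavaScript
                secure: true
                httponly: true
                samesite: lax
                # Name of the checkbox field the login template must submit
                remember_me_parameter: _remember_me
                # Keep it opt-in: only remember users who tick the checkbox
                always_remember_me: false
```

The checkbox added to the login template must use the same field name as `remember_me_parameter`, otherwise the cookie is never issued.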
Login handlers / SSO
Symfony provides native support for multiple user providers. This makes it easy to integrate any kind of login handler, including SSO and existing third-party bundles (e.g. FR3DLdapBundle, HWIOauthBundle, FOSUserBundle, BeSimpleSsoAuthBundle).
See Authenticating a user with multiple user provider for more information.
To use JWT authentication with Ibexa DXP, in the provided
modify the existing configuration by setting
You also need a new Symfony firewall configuration for REST and/or GraphQL APIs.
It is already provided in config/packages/security.yaml; you only need to uncomment it: