Guzzo
Bonjour à tous,
Je suis en Symfony 6.4 / PHP 8.2
J'utilise OAuth2Authenticator
Je souhaites que KeyCloack centralise mon authentification.
C'est à dire :
- Appel de mon Web
- Mon Web voit que l'utilisateur n'est pas authentifié. Il route vers KeyCloack pour authentification.
- KeyCloack reroute vers le Web si OK
Pour cela j'ai effectué le code suivant :
knpu_oauth2_client.yaml
knpu_oauth2_client:
http_client_options:
timeout: 0
proxy: 'http://keycloak:8080'
verify: false
clients:
keycloak:
type: keycloak
client_id: '%env(KEYCLOAK_CLIENTID)%'
client_secret: '%env(KEYCLOAK_SECRET)%'
redirect_route: 'oauth_check'
redirect_params: { }
auth_server_url: '%env(KEYCLOAK_APP_URL)%'
realm: 'tew'knpu_oauth2_client.yaml
security:
enable_authenticator_manager: true
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: 'auto'
App\Entity\User:
algorithm: auto
providers:
oauth:
id: knpu.oauth2.user_provider
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
lazy: true
provider: oauth
custom_authenticator: App\Security\KeycloakAuthenticator
access_control:
- { path: ^/, roles: ROLE_USER }Bundel.php
<?php
return [
Symfony\Bundle\FrameworkBundle\FrameworkBundle::class => ['all' => true],
Doctrine\Bundle\DoctrineBundle\DoctrineBundle::class => ['all' => true],
Doctrine\Bundle\MigrationsBundle\DoctrineMigrationsBundle::class => ['all' => true],
Symfony\Bundle\DebugBundle\DebugBundle::class => ['dev' => true],
Symfony\Bundle\TwigBundle\TwigBundle::class => ['all' => true],
Symfony\Bundle\WebProfilerBundle\WebProfilerBundle::class => ['dev' => true, 'test' => true],
Symfony\UX\StimulusBundle\StimulusBundle::class => ['all' => true],
Symfony\UX\Turbo\TurboBundle::class => ['all' => true],
Twig\Extra\TwigExtraBundle\TwigExtraBundle::class => ['all' => true],
Symfony\Bundle\SecurityBundle\SecurityBundle::class => ['all' => true],
Symfony\Bundle\MonologBundle\MonologBundle::class => ['all' => true],
Symfony\Bundle\MakerBundle\MakerBundle::class => ['dev' => true],
Symfony\WebpackEncoreBundle\WebpackEncoreBundle::class => ['all' => true],
Symfony\UX\Autocomplete\AutocompleteBundle::class => ['all' => true],
Symfony\UX\Chartjs\ChartjsBundle::class => ['all' => true],
KnpU\OAuth2ClientBundle\Client\ClientRegistry::class => ['all' => true],
KnpU\OAuth2ClientBundle\KnpUOAuth2ClientBundle::class => ['all' => true],
];KeycloakAuthenticator.php
<?php
namespace App\Security;
use Doctrine\ORM\EntityManagerInterface;
use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
use KnpU\OAuth2ClientBundle\Client\Provider\KeycloakClient;
use KnpU\OAuth2ClientBundle\Security\Authenticator\OAuth2Authenticator;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\RouterInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
class KeycloakAuthenticator extends OAuth2Authenticator
{
private $clientRegistry;
private $entityManager;
private $router;
/**
* KeycloakAuthenticator constructor.
* @param ClientRegistry $clientRegistry
* @param EntityManagerInterface $em
* @param RouterInterface $router
*/
public function __construct(ClientRegistry $clientRegistry, EntityManagerInterface $em, RouterInterface $router)
{
$this->clientRegistry = $clientRegistry;
$this->entityManager = $em;
$this->router = $router;
}
/**
* @param Request $request
* @return bool|null
*/
public function supports(Request $request): ?bool
{
return $request->attributes->get('_route') === 'connect_keycloak_check';
}
/**
* @param Request $request
* @return Passport
*/
public function authenticate(Request $request): Passport
{
/** @var KeycloakClient $client */
$client = $this->clientRegistry->getClient('keycloak');
$accessToken = $this->fetchAccessToken($client);
return new SelfValidatingPassport(
new UserBadge($accessToken->getToken(), function () use ($accessToken, $client) {
return $client->fetchUserFromToken($accessToken);
})
);
}
/**
* @param Request $request
* @param TokenInterface $token
* @param string $firewallName
* @return Response|null
*/
public function onAuthenticationSuccess(Request $request, TokenInterface $token, string $firewallName): ?Response
{
return new RedirectResponse($this->router->generate('admin'));
}
/**
* @param Request $request
* @param AuthenticationException $exception
* @return Response|null
*/
public function onAuthenticationFailure(Request $request, AuthenticationException $exception): ?Response
{
$message = strtr($exception->getMessageKey(), $exception->getMessageData());
return new Response($message, Response::HTTP_FORBIDDEN);
}
}variable ENV pour KeyCloack
###> KEYCLOAK ###
KEYCLOAK_REALM=tew
KEYCLOAK_SECRET=6FmMiooM0b8X9rIkGwQF7oqoJYqWVAwk
KEYCLOAK_CLIENTID=noyau
KEYCLOAK_APP_URL=http://localhost:8080/authJ'obtiens les message suivant et ne comprends pas.
Too few arguments to function KnpU\OAuth2ClientBundle\Client\ClientRegistry::__construct(), 0 passed in C:\wamp64\www\TEW_V04_KC\vendor\symfony\framework-bundle\Kernel\MicroKernelTrait.php on line 136 and exactly 2 expected
Merci pour votre aide et j'espère avoir posté comme il le faut. C'est mon premier poste ICI.