Symfony 2 Security.yml redirect loop and LogicException issues

Question

OK I think I need hand holding..

This question is a follow on from the previous question: Symfony2 img/LdapBundle Bad credentials error

I have split this out as its a different issue. I am getting two different issues relating to the security.yml file as described below.

I have my security.yml:

security:
    firewalls:
        login_firewall:
            pattern:    ^/login$
            anonymous:  ~
            imag_ldap:
                check_path: login_check
                login_path: login
                csrf_provider: form.csrf_provider
                intention: authenticate
                provider: ldap
            logout:
                path:           /logout
                target:         /
        restricted_area:
            pattern:          ^/
            #anonymous:        ~ 
    providers:
        ldap:
           id: imag_ldap.security.user.provider

    encoders:
        IMAG\LdapBundle\User\LdapUser: plaintext

    access_control:
        - { path: ^/login,          roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/,               roles: IS_AUTHENTICATED_FULLY }

but im getting the following error: LogicException: No authentication listener registered for firewall "restricted_area".

SO i tried the following:

security:
    firewalls:
        login_firewall:
            pattern:    ^/login$
            anonymous:  ~
            imag_ldap:
                check_path: login_check
                login_path: login
                csrf_provider: form.csrf_provider
                intention: authenticate
                provider: ldap
            logout:
                path:           /logout
                target:         /
        restricted_area:
            pattern:          ^/
            #anonymous:        ~ 
            imag_ldap:
                check_path: login_check
                login_path: login
                csrf_provider: form.csrf_provider
                intention: authenticate
                provider: ldap
            logout:
                path:           /logout
                target:         /

but this causes a redirect loop.

Can anyone show me how to get this to work? I am trying to use the https://github.com/BorisMorel/LdapBundle ldap bundle to authenticate users..

Answer 1

According to the documentation https://github.com/BorisMorel/LdapBundle#configure-securityyml you should have one firewall with pattern: ^/ where also the login lives.

security:
    firewalls:
        restricted_area:
            pattern:    ^/
            anonymous:  ~
            imag_ldap:
                check_path: login_check
                login_path: login
                csrf_provider: form.csrf_provider
                intention: authenticate
                provider: ldap
            logout:
                path:           /logout
                target:         /
    providers:
        ldap:
           id: imag_ldap.security.user.provider

    encoders:
        IMAG\LdapBundle\User\LdapUser: plaintext

    access_control:
        - { path: ^/login$,         roles: IS_AUTHENTICATED_ANONYMOUSLY }
        - { path: ^/,               roles: IS_AUTHENTICATED_FULLY }

Sites where you don't need authentication you have to include under acces_control with IS_AUTHENTICATED_ANONYMOUSLY role. This also applies to the profiler and toolbar in dev-enivironment (actually for FOSUserBundle, but I think this also significant for the LdapBundle). And yeah, I know the symfony documentation says to create a anonymous firewall exclusively for ^/login$, but if the bundle supports an anonymous-role it is enough to take the exclude it with acces_control as above.

    - { path: ^/_wdt, role: IS_AUTHENTICATED_ANONYMOUSLY }
    - { path: ^/_profiler, role: IS_AUTHENTICATED_ANONYMOUSLY }

EDIT: And don't forget to import the routing definitions from the bundle and not define them self. see https://github.com/BorisMorel/LdapBundle#import-routing