Admin Auth Bundle
Rules
- If no roles can be assigned (neither remote nor default roles are found),
  - and the user does not exist, an exception will be thrown and no data will be created
  - and the user exists, login is no longer possible
Release Plan
| Release | Supported OpenDXP Versions | Supported Symfony Versions | Release Date | Maintained | Branch |
|---|---|---|---|---|---|
| 1.x | ^1.0 | ^7.3 | 2025 | Feature Branch | 1.x |
Supported Clients
- Azure
Installation
I. Add Dependency
```json
{
    "require": {
        "open-dxp/admin-auth-bundle": "~1.0.0"
    },
    "repositories": [
        {
            "type": "composer",
            "url": "https://open-dxp.repo.repman.io"
        }
    ]
}
```
II. Register Bundle
Add Bundle to bundles.php:
```php
return [
    OpenDxp\Bundle\AdminAuthBundle\OpenDxpAdminAuthBundle::class => ['all' => true],
];
```
III. Configuration
```yaml
opendxp_admin_auth:
    mandates:
        # Mandate name
        azure:
            # Scopes will be merged! If there are multiple matches, the user will be assigned to multiple roles!
            scopes:
                # scenario I: all members of group "digital" are allowed to log in as "editor"
                -
                    required_groups:
                        - 'DIGITAL'
                    assigned_roles:
                        - 'editor'
                # scenario II: all members of group "digital" AND "project_a" are allowed to log in as "editor"
                -
                    required_groups:
                        - 'DIGITAL'
                        - 'SWISSOLAR'
                    assigned_roles:
                        - 'editor'
                # scenario III: all members of group "digital" AND "project_a" AND "opendxp_admin" are allowed to log in as Admin-User
                -
                    required_groups:
                        - 'DIGITAL'
                        - 'SWISSOLAR'
                        - 'OPENDXP_ADMIN' # third group named in the scenario comment above
                    assigned_roles:
                        # magic variable: the user will be treated as admin (which can't be defined by roles)
                        - !php/const OpenDxp\Bundle\AdminAuthBundle\Manager\ClientManager::ADMIN_ROLE_IDENTIFIER
                # scenario IV: all members of group "digital" AND "project_a" AND role "special_role" are allowed to log in as "editor"
                # [NOT AVAILABLE IN DACHCOM CONTEXT]
                -
                    required_groups:
                        - 'DIGITAL'
                        - 'SWISSOLAR'
                    required_roles:
                        - 'special_role'
                    assigned_roles:
                        - 'editor'
            user:
                # opendxp_user_folder_name: 'Remote Users'
            role:
                # opendxp_role_folder_name: 'Remote Groups'
                # Default roles to assign if no remote roles are available
                # default_roles:
                #     - MyRole
                # If false (default), an exception will be thrown if a role can't be found
                # create_role_if_not_exists: true
            client:
                type: azure
                client_id: '[CLIENT_ID]'
                client_secret: '[CLIENT_SECRET]'
                redirect_route: opendxp_auth_connect_check
                redirect_params: {
                    client: azure
                }
                # [use_state]
                # Set to false (as here) if you want to use stateless mode without a session involved.
                # If you want to use states, make sure your cookie_samesite setting is set to "lax":
                #
                # framework:
                #     session:
                #         cookie_samesite: 'lax'
                #
                use_state: false
                scope:
                    - 'openid'
                tenant: '[TENANT_ID]'
    # template:
    ## If you want to disable the default opendxp login form, set this to true
    #     render_default_opendxp_login_form: false
    ## Set add_twig_paths to false if you need to override opendxp admin templates within your projects
    ## [ATTENTION!] You have to extend your twig files from @!OpenDxpAdminAuth/bundles/OpenDxpAdminBundle/Admin/*/*.html.twig (if existing)
    #     add_twig_paths: true
```
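
To audit which roles a given set of remote groups ends up with under the scope rules above, the following added sketch models them (AND matching inside a scope, merging across scopes, default-role fallback, refusal when nothing matches). It is not the bundle's own code: `resolveRoles`, `ADMIN_PLACEHOLDER`, the `OPENDXP_ADMIN` and `MARKETING` group names and the decision to skip a scope without any requirement are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not the bundle's code. Placeholder for the real
// ClientManager::ADMIN_ROLE_IDENTIFIER value, which this page does not show.
const ADMIN_PLACEHOLDER = '__ADMIN__';

// $scopes is shaped like the "scopes" list; returns the merged role names.
function resolveRoles(array $scopes, array $remoteGroups, array $remoteRoles, array $defaultRoles = []): array
{
    $assigned = [];
    foreach ($scopes as $scope) {
        $needGroups = $scope['required_groups'] ?? [];
        $needRoles  = $scope['required_roles'] ?? [];
        // Assumption: a scope without any requirement is skipped (fail closed),
        // otherwise it would match every authenticated user.
        if ($needGroups === [] && $needRoles === []) {
            continue;
        }
        // AND semantics: every required group and every required role must be present.
        if (array_diff($needGroups, $remoteGroups) === [] && array_diff($needRoles, $remoteRoles) === []) {
            // Scopes are merged: each matching scope adds its roles.
            $assigned = array_merge($assigned, $scope['assigned_roles'] ?? []);
        }
    }
    $assigned = array_values(array_unique($assigned)) ?: $defaultRoles;
    if ($assigned === []) {
        // Rule from the top of the page: no remote and no default roles, no login.
        throw new RuntimeException('no roles can be assigned');
    }
    return $assigned;
}

// Constructed sample: scenario I plus an admin scope gated by a third group.
$scopes = [
    ['required_groups' => ['DIGITAL'], 'assigned_roles' => ['editor']],
    ['required_groups' => ['DIGITAL', 'SWISSOLAR', 'OPENDXP_ADMIN'], 'assigned_roles' => [ADMIN_PLACEHOLDER]],
];
foreach ([['DIGITAL'], ['DIGITAL', 'SWISSOLAR', 'OPENDXP_ADMIN'], ['MARKETING']] as $groups) {
    try {
        $result = implode(', ', resolveRoles($scopes, $groups, []));
    } catch (RuntimeException $e) {
        $result = 'denied (' . $e->getMessage() . ')';
    }
    echo implode('+', $groups), ' => ', $result, PHP_EOL;
}
```

Running a planned scope list through a model like this before deployment makes overlapping scopes visible, in particular any group combination that reaches the admin identifier.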
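IV. Security Configuration
```diff
# app/config/packages/security.yaml
security:
    # ...
    access_control:
+       - { path: ^/admin/auth/connect/azure/check$, roles: PUBLIC_ACCESS }
```
Symfony applies the first `access_control` entry that matches a request, so place this entry above any broader rule that also matches this path.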
V. Add Translations
Each client creates an admin translation label, which you need to translate: `opendxp_auth.label.login_with_*`.
If the azure client is active, the translation key `opendxp_auth.label.login_with_azure` will be created.
Upgrade Info
Before updating, please check our upgrade notes!
License
DACHCOM.DIGITAL AG, Löwenhofstrasse 15, 9424 Rheineck, Schweiz
dachcom.com
Copyright © 2024 DACHCOM.DIGITAL. All rights reserved.
For licensing details please visit LICENSE.md