Creating an authentication adapter
Alongside the native authentication, custom authentication adapters can be registered with the application to provide single sign-on to your identity management system of choice.
Adapters for common identity management software, such as LDAP, SAML and CAS are provided with the application but you can also create your own.
Jadu Central has two distinct types of user records:
- Users - these are public users who can authenticate for access to the frontend website
- Administrators - these are (usually) members of your organisation who log in to the Control Center to perform administrative or authoring tasks
Currently only the User authentication extension point is supported.
The frontend user authentication mechanism changed completely with the introduction of the Photon templating system. The documentation and examples here relate to Photon only and are not compatible with Classic Jadu Central templates.
Creating an Adapter
To create a custom User Authentication Adapter you should create a new class that
implements Jadu\ContinuumCommon\User\Authentication\AuthenticationAdapterInterface.
Example empty User Adapter class:
<?php
namespace MyProject\Authentication\Adapter;
use Jadu\ContinuumCommon\User\Authentication\AuthenticationAdapterInterface;
use Symfony\Component\HttpFoundation\Request;
class MyUserAdapter implements AuthenticationAdapterInterface
{
/**
* Return a unique key name for this adapter
*/
public function getMachineKey() {}
// --
/**
* Functionality indicators, used to tell Jadu Central what functionality your
* Adapter provides.
*/
public function canRegister() {}
public function canRemindPassword() {}
public function canUpdate() {}
public function canUpdatePassword() {}
// --
/**
* URL Builders, these need to provide full URLs and are used to generate links
* or redirect the user
*/
public function getAccountURL() {}
public function getFailedLoginResponseUrl() {}
public function getPasswordReminderURL() {}
public function getRegisterURL() {}
public function getSignInURL() {}
public function getSignOutURL() {}
public function getUpdatePasswordURL() {}
public function getUpdateURL() {}
// --
/**
* Logic methods these will actually perform the authentication actions
*/
public function authenticate(Request $request) {}
public function isLoginAction(Request $request) {}
public function performLogout() {}
public function refreshSession() {}
//--
}
Jadu Central will retrieve the adapter the Service Container. You can therefore pass in any dependencies to the adapter's constructor and have these provided via the Service Container when instantiated.
For example, if we needed to interact with the Jadu User Repository...
Add the constructor to our User Adapter:
public function __construct(CoreUserRepository $userRepository)
{
$this->userRepository = $userRepository;
}
Map the argument in the service definition in our bundle's Resources/config/services.yml:
services:
MyProject\Authentication\UserAdapter\MyUserAdapter:
arguments:
- '@Photon\CmsEngineCore\Repository\Marketing\User\CoreUserRepository'
Your adapter will likely also need to interact with several other objects. Passing these as constructor arguments is the recommended way to link those dependencies in to your adapter.
The developer training repository includes a good example user adapter that has the basic functionality implemented for further reference.
Activating your adapter
Once you have your adapter and its service definintion, in order to use it you
will need to set the USER_ADAPTER constant value to the name of the service. In
the case of the example above, the constant will need to be set to MyProject\Authentication\UserAdapter\MyUserAdapter.
Only one user adapter can be activated at any given time. It is not recommended to switch between user adapters on a system with existing user accounts without taking steps to ensure that any potential ID clashes will be safely handled.