Hey!

I see that this is your first PR. That is great! Welcome!

Symfony has acontribution guide which I suggest you to read.

In short:

• Always add tests
• Keep backward compatibility (seehttps://symfony.com/bc).
• Bug fixes must be submitted against the lowest maintained branch where they apply (seehttps://symfony.com/releases)
• Features and deprecations must be submitted against the 6.2 branch.

Review the GitHub status checks of your pull request and try to solve the reported issues. If some tests are failing, try to see if they are failing because of this change.

When two Symfony core team members approve this change, it will be merged and you will become an official Symfony contributor!
If this PR is merged in a lower version branch, it will be merged up to all maintained branches within a few days.

I am going to sit back now and wait for the reviews.

Cheers!

Carsonbot

Hey!

Thanks for your PR. You are targeting branch "6.2" but it seems your PR description refers to branch "6.3".
Could you update the PR description or change target branch? This helps core maintainers a lot.

Cheers!

Carsonbot

Hello,

How about adding proxy authentication while we are at it ?
https://apereo.github.io/cas/6.5.x/authentication/Configuring-Proxy-Authentication.html

Hello,

How about adding proxy authentication while we are at it ?https://apereo.github.io/cas/6.5.x/authentication/Configuring-Proxy-Authentication.html

Hello@drupol,
In my opinion it should be in a dedicated pr as it's a non mandatory use case

Hello,

I do not agree that much. Proxy validation is part of the CAS protocol, therefore, it's better to add it in here... or else you're going to implement half of the protocol here... is this what we want?

@nacorp@drupol is the proxy authentication part avoid the actual code to work as expected? If not, we can consider to add it later in another PR. But if this proxy is mandatory to make the authentication process work, it must be provided in this PR.

Proxy authentication involves the creation of a specific endpoint on the app and therefore is not part of this PR.

I would suggest to not implement the CAS protocol and discard this PR as long as the protocol is not fully implemented.

I do confirm that the proxy authentication of the cas protocol is optional and this PR, as is, allows us to use CAS protocol with default configuration.

It's ok if we don't implement the full specification, as long as the design allows implementing the other missing features.
I'm not super familiar to CAS but shouldn't we rather go with the last version of the protocol (3)?

As « the most noticeable update between versions 2.0 and 3.0 is the ability to return the authentication/user attributes », this PR will also work for simple authentication against CAS3 server. However, the developper will not not get all the data available from the authentication server - which is not a problem, imo, since the main goal of this PR is to deal with auth.

poke@welcoMattic :-)

This misses some DI integration in SecurityBundle i.e. the service configuration/registration needed to allow forauthenticators: { access_token: { token_handler: 'cas' } }.
You could find some inspiration in#48272

OK as#48272 will ship a brand new factory I'll do that as soon as it's merged!

Thank you@nacorp.