I was using Symfony 2.0 with simplesamlphp with no problems at all.
When i migrated to Symfony 2.1, external authentication with simplesamlphp stoped working.
After some research i found out that Symfony 2.1 HTTP Foundation has now a Session Managment documented in http://symfony.com/doc/master/components/http_foundation/sessions.html.
The problem happens because simplesamlphp service provider starts a new session instead of retriving the initial session (maybe because it's using php functions such as session_start() or session_id()).
If i use
storage_id: session.storage.mock_file
authentication works but csrf protection fails in all forms.
This behavior was not happening with Symfony 2.0.
Does this means that Symfony 2.1 is now incompatible with External Authentication providers??
Is there a way to AVOID using symfony Session Managment? Should i report this as an improvment/bug?
Thanks in advance,
Afonso Martins Vaz
We solved this issue by using memcache with simplesaml php. (see this link)
This way simplesamlphp session would not mess with Symfony2 Session and we could use both with Symfony2.1 default configurations.