I have to update a custom authentication service which authenticates against an ADFS server. This service is running fine with TYPO3 v11 but not with TYPO3 v12 anymore. Somehow the method authUser(array $user) of my MyAuthService class is not called at all.
In my ext_localconf.php I register the service:
    \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addService(
        'my_ext',
        'auth',
        \Vendor\Extension\Authentication\MyAuthService::class,
        [
            'title' => 'ADFS Authentication',
            'description' => 'Authentication with a Microsoft ADFS',
            'subtype' => 'authUserFE,getUserFE,authUserBE,getUserBE',
            'available' => true,
            'priority' => 80,
            'quality' => 80,
            'os' => '',
            'exec' => '',
            'className' => \Vendor\Extension\Authentication\MyAuthService::class
        ]
    );
MyAuthService.php
    namespace Vendor\Extension\Authentication;

    use TYPO3\CMS\Core\Authentication\AbstractAuthenticationService;

    class MyAuthService extends AbstractAuthenticationService
    {
        public function authUser(array $user): int
        {
            // This is never called...
            echo 'authUser';
            exit;
        }

        public function getUser()
        {
            // redirect to ADFS server and do authentication
        }
    }
The redirect to the ADFS server is triggered in the method getUser() correctly. After the authentication with the ADFS server it returns to my TYPO3 with the correct data posted. After returning from the ADFS server, the login fails and TYPO3 shows the login screen again.
What am I missing to get my authentication service working in TYPO3 v12 again?
You must ensure that there is a valid request token. Since you are dealing with an SSO callback, you do not have any request token and must generate it manually.
In order to do so, implement an event listener for the BeforeRequestTokenProcessedEvent event. In the event listener, set a request token as shown in the documentation: https://docs.typo3.org/m/typo3/reference-coreapi/main/en-us/ApiOverview/Events/Events/Core/Authentication/BeforeRequestTokenProcessedEvent.html#beforerequesttokenprocessedevent
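    // $event is the BeforeRequestTokenProcessedEvent passed to the listener
    $user = $event->getUser();
    $event->setRequestToken(
        RequestToken::create('core/user-auth/' . strtolower($user->loginType))
    );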
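A complete listener built around the call above, as an added example that is not part of the original answer or of the TYPO3 documentation: it generates the token only for requests that look like the ADFS callback, so regular login forms keep their request-token check. The class name, namespace, service identifier and the `adfs_response` POST field are assumptions; use the field your ADFS setup actually posts back.

```php
<?php

declare(strict_types=1);

namespace Vendor\Extension\EventListener; // assumed namespace

use Psr\Http\Message\ServerRequestInterface;
use TYPO3\CMS\Core\Authentication\Event\BeforeRequestTokenProcessedEvent;
use TYPO3\CMS\Core\Security\RequestToken;

// Register in Configuration/Services.yaml with the tag
//   - name: event.listener
//     identifier: 'my-ext/adfs-request-token'   (placeholder identifier)
final class AdfsRequestTokenListener
{
    // Assumption: POST field carrying the ADFS response on the callback.
    private const CALLBACK_FIELD = 'adfs_response';

    public function __invoke(BeforeRequestTokenProcessedEvent $event): void
    {
        // A regular login form brings its own token: leave it untouched.
        if ($event->getRequestToken() instanceof RequestToken) {
            return;
        }
        // Generate a token for the SSO callback only. Doing it for every
        // request would switch off the login CSRF protection site-wide.
        if (!$this->isAdfsCallback($event->getRequest())) {
            return;
        }
        $user = $event->getUser();
        $event->setRequestToken(
            RequestToken::create('core/user-auth/' . strtolower($user->loginType))
        );
    }

    // Shape check only; the auth service must still validate the
    // ADFS response (signature, issuer, audience) in authUser().
    private function isAdfsCallback(ServerRequestInterface $request): bool
    {
        if ($request->getMethod() !== 'POST') {
            return false;
        }
        $body = $request->getParsedBody();
        return is_array($body)
            && is_string($body[self::CALLBACK_FIELD] ?? null)
            && $body[self::CALLBACK_FIELD] !== '';
    }
}
```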