[TYPO3-dev] Using fe_user->createUserSession() to log in and create fe session in TYPO3 4.5

[Helmut Hummel]

Hi Jochen,

On 01.11.11 15:56, Jochen Rieger wrote:

> I think we cannot use the auth service

Would be the clean way to do it.

> because we need to post-request against the SSO agent,

Just to get it right:

You have a login form which is not sent to TYPO3 but another application 
(the SSO agent)

> then we read the apache headers and need to
> create a fe_user session based on that.

then the SSO agent sends a request containing the neccessary user/ auth 
information in HTTP headers?

> With the auth service we
> couldn't manage to create the SSO session apache header data.

This part I also don't really get. Auth services can also be considered 
as aome kind of hooks that are executed during the initialisation of the 
user object. Why shouldn't it work here, but when using another hook?

The only "problem" I could imagine is that the services are only called 
if the GET/POST parameter "logintype" is set to "login" and credentials 
are also submitted.

If sending these is not possible nor wanted, you can force calling the 
services by setting the following configuration options to TRUE:

$TYPO3_CONF_VARS['SVCONF']['auth']['setup']['FE_alwaysFetchUser']
$TYPO3_CONF_VARS['SVCONF']['auth']['setup']['FE_alwaysAuthUser']

Kind regards,
Helmut

-- 
Helmut Hummel
TYPO3 Security Team Leader, TYPO3 v4 Core Team Member

TYPO3 .... inspiring people to share!
Get involved: typo3.org