Thanks to visit codestin.com
Credit goes to github.com

Skip to content

RemoteUserAuthenticator triggers Symfony 8 deprecation notice #59584

Closed
@phasdev

Description

@phasdev

Symfony version(s) affected

6.4

Description

Shibboleth may include an empty username in the REMOTE_USER $_SERVER parameter, which triggers the following deprecation notice:

User Deprecated: Since symfony/security-http 7.2: Using an empty string as user identifier is deprecated and will throw an exception in Symfony 8.0. (source)

How to reproduce

Configure a Symfony project using a remote_user authenticator. Configure the web server to set the REMOTE_USER $_SERVER parameter to an empty string. Try to authenticate. Log will show deprecation notice.

Possible Solution

Update the RemoteUserAuthenticator to return null when an empty string is detected in the REMOTE_USER $_SERVER parameter.

Additional Context

No response

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions