@@ -666,6 +666,7 @@ X.509 Authentication
666666 provider : your_user_provider
667667 user : SSL_CLIENT_S_DN_Email
668668 credentials : SSL_CLIENT_S_DN
669+ user_identifier : emailAddress
669670
670671code-block :: xml
671672
@@ -687,6 +688,7 @@ X.509 Authentication
687688 <x509 provider =" your_user_provider"
688689 user =" SSL_CLIENT_S_DN_Email"
689690 credentials =" SSL_CLIENT_S_DN"
691+ user_identifier =" emailAddress"
690692 />
691693 </firewall >
692694 </config >
@@ -703,6 +705,7 @@ X.509 Authentication
703705 ->provider('your_user_provider')
704706 ->user('SSL_CLIENT_S_DN_Email')
705707 ->credentials('SSL_CLIENT_S_DN')
708+ ->user_identifier('emailAddress')
706709 ;
707710 };
708711
@@ -723,7 +726,18 @@ If the ``user`` parameter is not available, the name of the ``$_SERVER``
723726parameter containing the full "distinguished name" of the certificate
724727(exposed by e.g. Nginx).
725728
726- Symfony identifies the value following ``emailAddress= `` in this parameter.
729+ By default, Symfony identifies the value following ``emailAddress= `` in this parameter.
730+ This can be changed using the ``user_identifier `` parameter.
731+
732+ user_identifier
733+ ...........
734+
735+ **type **: ``string `` **default **: ``emailAddress ``
736+
737+ The ``user_identifier `` parameter is used to find the user identifier in the
738+ "distinguished name" e.g. ``Subject: C=FR, O=My Organization, CN=user1, emailAddress=user1@myorg.fr ``.
739+
740+ By setting this parameter to ``CN ``, the returned user identifier will be the "Common Name" ``user1 ``
727741
728742.. _reference-security-firewall-remote-user :
729743
0 commit comments