minor #6423 Added a caution note about REMOTE_USER and user impersona…

…tion (javiereguiluz) This PR was merged into the 2.7 branch. Discussion ---------- Added a caution note about REMOTE_USER and user impersonation Note: this should be merged 2.7 and higher. Commits ------- fbcfbb4 Fixed a path d0c9ad9 Added a caution note about REMOTE_USER and user impersonation
symfony · Apr 12, 2016 · 069bffb · 069bffb
2 parents fd7b6b1 + fbcfbb4
commit 069bffb
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/cookbook/security/pre_authenticated.rst b/cookbook/security/pre_authenticated.rst
@@ -151,3 +151,10 @@ key in the ``remote_user`` firewall configuration.
     Just like for X509 authentication, you will need to configure a "user provider".
     See :ref:`the previous note <cookbook-security-pre-authenticated-user-provider-note>`
     for more information.
+
+.. caution::
+
+    :doc:`User impersonation </cookbook/security/impersonating_user>` is not
+    compatible with ``REMOTE_USER`` based authentication. The reason is that
+    impersonation requires the authentication state to be maintained server-side
+    but ``REMOTE_USER`` information is sent by the browser in each request.