I believe that what you want to do has it's own page in the documentation. Take a look at How to create a custom user provider, it gives a nice walkthrough of how you can use a webservice to authenticate your user.
UPDATE:
Yes, the link I shared tells you how to create a User Provider. And that is exactly what you must do. In the very first paragraph of this page, it says:
When a user submits a username and password, the authentication layer asks the configured user provider to return a user object for a given username.
So you need to create a class that extends the UserInterface
, and this class should have all the properties that are returned from your web service (also by default, the UserInterface requires a few properties, such as username, password, salt, and roles. But salt and roles can be blank if you don't use them).
Then you create a User Provider that implements the UserProviderInterface
. This will make it so that the function loadUserByUsername
is called when you perform a login. In this function, you perform your webservice request, sending the credentials. The response of your request can then be mapped to your User class that you created. Then you return the User object that you created with the data that was returned from your webservice.
In order for Symfony to know that you want to use your custom User Provider for your form login, you need to create a service for your user provider. So in src/Acme/WebserviceUserBundle/Resources/config/services.yml
(you may need to create the file), you can add a service as it outlines in the docs:
parameters:
# path to the user provider you just created
webservice_user_provider.class: Acme\WebserviceUserBundle\Security\User\WebserviceUserProvider
services:
webservice_user_provider:
class: "%webservice_user_provider.class%"
Once you have this service created, then you just tell your form login to use this custom provider. In security.yml:
security:
providers:
webservice:
# this id is the name of the service you created
id: webservice_user_provider
Also, if your password is encrypted in your webservice, you should make sure that Symfony encrypts it the same way to do the comparison. So in security.yml you can add
security:
encoders:
Acme\WebserviceUserBundle\Security\User\WebserviceUser: sha512 # or md5, or others