Skip to main content
Version: 2026.1

Installation

Bundle Installation

For Pimcore >= 10.5

To install Pimcore OpenID Connect for Pimcore 10.5 or higher, follow the three steps below:

  1. Install the required dependencies:
composer require pimcore/openid-connect
  1. Make sure the bundle is enabled in the config/bundles.php file. The following lines should be added:
use Pimcore\Bundle\OpenIdConnectBundle\PimcoreOpenIdConnectBundle;
// ...

return [
// ...
PimcoreOpenIdConnectBundle::class => ['all' => true],
// ...
];
  1. Install the bundle:
bin/console pimcore:bundle:install PimcoreOpenIdConnectBundle

For Older Versions

To install the OpenID Connect bundle for older versions of Pimcore, please run the following commands instead:

composer require pimcore/openid-connect
bin/console pimcore:bundle:enable PimcoreOpenIdConnectBundle
bin/console pimcore:bundle:install PimcoreOpenIdConnectBundle

PHP Extensions

Depending on the algorithm(s) used by the OpenID Connect provider, installing the bcmath and gmp PHP extensions can provide significant performance improvements.

Possible Configuration Clashes

The route pimcore_openidconnect_buttoninjection_script needs to be accessible publicly for the Pimcore public domain for the login buttons to show up.

If other modules or implementations add additional firewall configurations, make sure the route is still public accessible.

For example, when using the Pimcore portal engine, you need to add following configuration to your symfony configuration (e.g. in config.yaml):

pimcore_portal_engine:
custom_public_routes:
- pimcore_openidconnect_buttoninjection_script

Pimcore Studio UI

When using the OpenID Connect bundle with Pimcore Studio, the OAuth2 auth endpoints need to be publicly accessible. Add the following access_control rule to your config/packages/security.yaml before the catch-all Studio API rule:

security:
access_control:
# ... other rules ...
- {
path: ^/pimcore-studio/api/(docs|docs/json|translations|user/reset-password|setting/admin/thumbnail)$,
roles: PUBLIC_ACCESS,
}
- { path: ^/pimcore-studio/api/bundle/openid-connect/auth/, roles: PUBLIC_ACCESS }
- { path: ^/pimcore-studio/api, roles: ROLE_PIMCORE_USER }

The OpenID Connect rule must be placed before ^/pimcore-studio/api — otherwise the firewall will reject unauthenticated requests to the auth endpoints before the OAuth2 flow can complete.