Security and Authentication
Pimcore integrates with the Symfony Security Component for authentication and authorization. Pimcore Studio uses its own security firewall; configure separate firewalls for any frontend authentication requirements.
Login Example
The demo-enterprise repository (branch: 2026.x)
provides a full login implementation with form-based authentication, CSRF protection,
remember-me support, CMF CustomerObjectUserProvider, and e-commerce cart migration on login.
Key files:
config/packages/security.yaml- Firewalls, user providers, access control rules
src/Controller/AccountController.php- Login/logout controller actions
src/Form/LoginFormType.php- Login form definition
src/EventListener/AuthenticationLoginListener.php- Post-login hooks (e.g. cart migration)
The demo-enterprise repository is private and requires an enterprise license.
The simplified authentication guide below
covers the same concepts with a publicly accessible, minimal example.
Simplified Guide
For basic setups without CMF or e-commerce, follow the step-by-step guide at
Authenticate Against Pimcore Objects.
It covers user providers, password hashing with PasswordFieldHasher,
and firewall configuration using Pimcore data objects.