Custom Authentication with XenForo?


New member
I am using symfony2 as my main application, the session is stored inside redis.

I am wondering how simple is it to roll my own authentication strategy? Would I be able to pull in the session from redis fairly easy and tell XenForo to return true?

Can anyone provide some examples, insights, or existing plugins? I would love to purchase this but I dont want to have to dig too deep to figure out how to write something to share sessions.

I know it can be done, but I am curious to see what you guys have to say.



Active member
So your goal is only a different session storage, without any changes to user database, login methods, hash algorithms, etc.etc.?


Well-known member
You can create a custom authenticator in XenForo (1, probably 2 as well) and use that.

This is pre-sales, so ideally you'll want a license attached to your account and ask for assistance in the developers forum. The XenForo_Authentication_Core might be a good place to start looking on your own, after you get a license, to figure out what an authentication method requires. There are other classes in that directory that have authenticators for other forum softwares (after import).

It's not really complex. Worth noting that XF is using bcrypt, which is standard for password encryption these days, Ruby on Rails and Laravel use bcryot so the core authentication method will work fine for those, I think. Symfony2 components may be using bcrypt by default as well, since I know Laravel relies on a lot of Symfony components.

That's assuming you want to import from custom software, rather than implement a SSO system, which is a little different. No out of the box support for it afaik, but it's not too difficult to replace the authentication code to just use your custom method. IGN does it for their XenForo forums, and I think some add-ons exist to use a SSO solution.