Thanks for your advice.
I got the following code working:
$user = Tool\Authentication::authenticatePlaintext($_user,$_password);
// Check if the user exists !
return new Response(
‘Username or Password not valid.’,
array(‘Content-type’ => ‘application/json’)
// Handle getting or creating the user entity likely with a posted form
// The third parameter "main" can change according to the name of your firewall in security.yml
$token = new UsernamePasswordToken($user->getUsername(), null, $firewallName, $user->getRoles());
// If the firewall name is not main, then the set value would be instead:
// $this->get('session')->set('_security_XXXFIREWALLNAMEXXX', serialize($token));
// Fire the login event manually
$event = new InteractiveLoginEvent($request, $token);
* Now the user is authenticated !!!!
* Do what you need to do now, like render a view, redirect to route etc.
The user is now logged in “the symfony way”.
But i do get errors when subsequent code wants to access the $user object from the session.
I assume that pimcore does not know about the successfull login.
How can I inform pimcore abouet that?