When using the legacy_sso_handler feature, described in https://doc.ez.no/display/EZP/Authentication in eZ Publish 5.4, the login will not work as expected:

• Returning a valid user in the legacy sso handler will result in authentication failure ( "A valid username and password is required to login.")
• Returning a false result in the sso handler will result in an infinite redirect loop. After this it is necessary to remove the session cookie, otherwise any page will result in a redirect loop.

Steps to reproduce:

• enable ezpublish_legacy_sso in security.yml:

  security:
      firewalls:
          ezpublish_front:
              pattern: ^/
              anonymous: ~
              # Adding the following entry will activate the use of old SSO handlers.
              ezpublish_legacy_sso: ~
  

• Implement a simple sso_handler, such as the example in http://share.ez.no/learn/ez-publish/using-a-sso-in-ez-publish

Note:

This appears to be a regression of some sort, as the behavior in eZ Publish 5.3 is correct.