cdaecke / md_saml

TYPO3 SSO Login with SAML authentication

Add documentation for frontend pid restriction #23

Closed jwtue closed 2 months ago

jwtue commented 3 months ago

Not a technical bug, but something that should be noted in documentation, as it was a breaking change for frontend login when updating from TYPO3 v11 to v12.

Up until v11, these lines in https://github.com/cdaecke/md_saml/blob/d0deab6b88f058ae1c3bbb41b484b15b1d3d45ff/Classes/Authentication/SamlAuthService.php#L141-L144 restricted the login to users stored in a certain page.

This stopped working for v12, because the AbstractAuthenticationService is missing the line

```php
$constraints = array_filter([
    QueryHelper::stripLogicalOperatorPrefix($dbUser['check_pid_clause']),
    // ...
]);
```

so the check_pid_clause is ignored, while another pid restriction is applied with the default value (pid=0), so the query always returns an empty result set. Because of that, SAML frontend login fails without notice in v12.

This line was removed in https://github.com/TYPO3-CMS/core/commit/916a9479cad2cc3418b1adcd5dc1e5da051d3a70

I did some digging, and it seems from the commit notes that the pid restriction is now enforced as a query restriction like hidden, deleted, time restrictions, but I found no way of adjusting that restriction through settings or code, so the default check always remains at pid=0. For now, the only way I found to get it working again is setting `['FE']['checkFeUserPid'] = false` in the installation settings.php. That way, no pid restriction is used at all and login works again.

Maybe you want to add this to the documentation or do some further investigation on how to solve this better.
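
A simplified model of the three lookups described in the comment above, added here as an illustration; it is not code from md_saml or TYPO3. The rows, the pid values 42 and 99, and the function names are constructed; only the `fe_users` column names mirror TYPO3.

```python
import sqlite3

# Constructed sample data: a simplified fe_users table (TYPO3 column names,
# made-up rows). pid 42 stands for the storage folder the SAML setup targets.
ROWS = [
    (1, 42, "alice", 0),   # user in the intended storage folder
    (2, 99, "alice", 0),   # same username in an unrelated folder
    (3, 42, "bob", 0),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE fe_users "
               "(uid INTEGER, pid INTEGER, username TEXT, deleted INTEGER)")
    db.executemany("INSERT INTO fe_users VALUES (?, ?, ?, ?)", ROWS)
    return db

def lookup(db, username, pid_restriction):
    """Return matching uids. pid_restriction models the cases in the issue:
    a list of pids (v11 check_pid_clause), [0] (v12 default restriction),
    or None (checkFeUserPid = false, no pid restriction at all)."""
    sql = "SELECT uid FROM fe_users WHERE deleted = 0 AND username = ?"
    params = [username]
    if pid_restriction is not None:
        marks = ",".join("?" * len(pid_restriction))
        sql += f" AND pid IN ({marks})"
        params += pid_restriction
    return [r[0] for r in db.execute(sql + " ORDER BY uid", params)]

def ambiguous_usernames(db):
    """Audit for the workaround: usernames present under more than one pid."""
    q = ("SELECT username FROM fe_users WHERE deleted = 0 "
         "GROUP BY username HAVING COUNT(DISTINCT pid) > 1 ORDER BY username")
    return [r[0] for r in db.execute(q)]

if __name__ == "__main__":
    db = make_db()
    print("v11, check_pid_clause pid=42:", lookup(db, "alice", [42]))
    print("v12, default pid=0:          ", lookup(db, "alice", [0]))
    print("v12, checkFeUserPid=false:   ", lookup(db, "alice", None))
    print("usernames in several pids:   ", ambiguous_usernames(db))
```

With the pid restriction switched off, a username that exists in more than one storage folder no longer resolves to a single record, so the audit query is worth running before relying on the workaround.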

AlexKvrlp commented 2 months ago

I added a pull request to fix this. In the meantime you could use my gist. Just add it to your sitepackage. https://gist.github.com/AlexKvrlp/48cce2dd7d137bcb2333bf29f5b1f77e

cdaecke commented 2 months ago

This was solved with #25