Tweak

javiereguiluz · javiereguiluz · commit e1bd56968ec1 · 2023-01-13T17:33:42.000+01:00
diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst
@@ -663,9 +663,9 @@ X.509 Authentication
                 main:
                     # ...
                     x509:
-                        provider:    your_user_provider
-                        user:        SSL_CLIENT_S_DN_Email
-                        credentials: SSL_CLIENT_S_DN
+                        provider:        your_user_provider
+                        user:            SSL_CLIENT_S_DN_Email
+                        credentials:     SSL_CLIENT_S_DN
                         user_identifier: emailAddress
 
     .. code-block:: xml
@@ -705,7 +705,7 @@ X.509 Authentication
                 ->provider('your_user_provider')
                 ->user('SSL_CLIENT_S_DN_Email')
                 ->credentials('SSL_CLIENT_S_DN')
-                ->user_identifier('emailAddress')
+                ->userIdentifier('emailAddress')
             ;
         };
 
@@ -726,18 +726,24 @@ If the ``user`` parameter is not available, the name of the ``$_SERVER``
 parameter containing the full "distinguished name" of the certificate
 (exposed by e.g. Nginx).
 
-By default, Symfony identifies the value following ``emailAddress=`` in this parameter.
-This can be changed using the ``user_identifier`` parameter.
+By default, Symfony identifies the value following ``emailAddress=`` in this
+parameter. This can be changed using the ``user_identifier`` option.
 
 user_identifier
-...........
+...............
 
 **type**: ``string`` **default**: ``emailAddress``
 
-The ``user_identifier`` parameter is used to find the user identifier in the
-"distinguished name" e.g. ``Subject: C=FR, O=My Organization, CN=user1, emailAddress=user1@myorg.fr``.
+.. versionadded:: 6.3
+
+    The ``user_identifier`` option was introduced in Symfony 6.3.
+
+The value of this option tells Symfony which parameter to use to find the user
+identifier in the "distinguished name".
 
-By setting this parameter to ``CN``, the returned user identifier will be the "Common Name" ``user1``
+For example, if the "distinguished name" is
+``Subject: C=FR, O=My Organization, CN=user1, emailAddress=user1@myorg.fr``,
+and the value of this option is ``'CN'``, the user identifier will be ``'user1'``.
 
 .. _reference-security-firewall-remote-user:
 
diff --git a/security.rst b/security.rst
@@ -1316,8 +1316,8 @@ ways:
 #. If it is not set (e.g. when using Nginx), it uses ``SSL_CLIENT_S_DN`` and
    matches the value following ``emailAddress``.
 
-You can customize the name of the three parameters under the ``x509`` key.
-See :ref:`the configuration reference <reference-security-firewall-x509>`
+You can customize the name of some parameters under the ``x509`` key.
+See :ref:`the x509 configuration reference <reference-security-firewall-x509>`
 for more details.
 
 Remote Users
