
[Security] New LoginFormAuthenticator fails on InsufficientAuthenticationException with missing AuthenticationEntryPoint #37068

Closed
@althaus

Symfony version(s) affected: 5.1

Description

I've replaced my guard login authenticator with a version based on the AbstractLoginFormAuthenticator and enabled the AuthenticationManager. Everything works fine except hitting a page which requires IS_AUTHENTICATED_REMEMBERED without actually being logged in.

This triggers an AccessDeniedException which gets caught by the firewall ExceptionListener. This creates an InsufficientAuthenticationException and tries to startAuthentication() with it. That method then throws an HttpException because there's no AuthenticationEntryPoint defined:

        if (null === $this->authenticationEntryPoint) {
            throw new HttpException(Response::HTTP_UNAUTHORIZED, $authException->getMessage(), $authException, [], $authException->getCode());
        }

The guard system correctly uses the configured entry point to redirect to my login page.

How to reproduce

  1. Build a login form based on the new authenticator
  2. Build a page requiring an authenticated user
  3. Hit the page w/o authentication

Possible Solution

Define an entry point for the authenticator?

Sorry if I missed some doc. I've checked the blog post and Wouter's additional article, but couldn't find help.

Kind regards
Matthias
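
An added example, not part of the original issue and not Symfony's own code: an entry point of the kind the "Possible Solution" above asks about, which redirects browsers to the login form and answers XHR calls with a bare 401. The class name `LoginEntryPoint`, the route name `app_login`, and wiring it through the firewall's `entry_point` option are assumptions.

```php
<?php

namespace App\Security;

use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;

/**
 * Hypothetical entry point (the class name is an assumption).
 * Assumed wiring in security.yaml, under the firewall:
 *     entry_point: App\Security\LoginEntryPoint
 */
final class LoginEntryPoint implements AuthenticationEntryPointInterface
{
    private $urlGenerator;

    public function __construct(UrlGeneratorInterface $urlGenerator)
    {
        $this->urlGenerator = $urlGenerator;
    }

    /**
     * Called by the firewall ExceptionListener when an unauthenticated
     * request hits a resource that requires authentication.
     */
    public function start(Request $request, AuthenticationException $authException = null): Response
    {
        // Scripted clients gain nothing from a redirect to an HTML form:
        // return a plain 401 and do not echo the exception message.
        if ($request->isXmlHttpRequest()) {
            return new JsonResponse(['error' => 'Authentication required'], Response::HTTP_UNAUTHORIZED);
        }

        // 'app_login' is an assumed route name for the login form.
        // The URL is generated server-side and never read from the request,
        // so the redirect target cannot be influenced by the client.
        return new RedirectResponse($this->urlGenerator->generate('app_login'));
    }
}
```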
