Page MenuHomePhabricator

Story idea for Blog: Rollout of single-sign-on (SSO) at the Wikimedia Foundation
Open, Needs TriagePublic

Description

We (@jbond and @MoritzMuehlenhoff) are planning to submit Tech blog postings about the implementation of Single Sign On within services operated by SRE.

Since this spans a bigger project which is now closing it, we're planning to break it down to three separate blog posts:

  1. Picking the SSO solution: The original landscape of our web-based services before SSO was implemented, a summary of the requirements we gathered for our new SSO identity provider, a summary of the existing FLOSS solutions we evaluated and a summary why we picked Apereo CAS as the identity provider to build our new service.
  1. Implementation of the SSO solution: A breakdown of how we designed and implemented our SSO setup, including aspects like high availability, monitoring, deployment and central configuration management.
  1. Migration of services to SSO and lessons learned: An overview of services which we integrated into the SSO frameworks (using which authentication protocols), lessons learned and an outlook at future steps.

Mostly "Big picture", but we're also hoping that will be useful for other sites looking to build an SSO framework with FLOSS, so some extent also "Technical explanation: problem / solution"

  • Which audience or audiences do you think your post is appropriate for?:
  1. Community members (some of the services integrated into SSO are used by them partly and in the future Gitlab will use our SSO framework as well
  2. Other orgs who are interested in setting up an SSO identity provider based on FLOSS or migrating to a new one
  • Will you need assistance with writing your blog post, or do you already have a draft? If you have a draft, please provide a link here:

We don't need further assistance other than stylistic review to align the content with the TechBlog guidelines. We expect to have a draft ready for at least one part of the series in February or early March.

  • Does your post need to be published by a certain date?

No.

We don't have one yet, but will have a look at Commons. Suggestions are more than welcome, since SSO is a concept that seems hard to visualise. Maybe something with a key to signify authentication or similar.

  • Do you have any other questions or comments?

Not at this point.

Once your request is received, a technical blog admin will review it and reach out to you through Phabricator.

Event Timeline

@jbond and @MoritzMuehlenhoff The ideas for the 3 posts sound great and the timeline sounds good! Looking forward to reading the drafts!

@jbond and @MoritzMuehlenhoff Hey there! Just checking in to see how you are progressing with your first draft?

@srodlund: We have an almost complete first draft, it's in the final phase of proof-reading/fine-tuning. We'll share it with for within the next 1-2 days.

Great! I'm looking forward to reading it!

@MoritzMuehlenhoff and @jbond I have done an additional passthrough of the post. It looks good so far! I made some suggestions for grammar and style changes. Can you look through them and accept or decline?

Note, I changed some words to US English spellings. It's not a strict style rule that we use these on the blog, but I usually do for consistencyency. If you don't want to change them, it's fine.

@MoritzMuehlenhoff and @jbond I have done an additional passthrough of the post. It looks good so far! I made some suggestions for grammar and style changes. Can you look through them and accept or decline?

Thanks, I've accepted your changes, added a title (also also added an additional sentence to the second paragraph which provides additional context that the discussed SSO system is unrelated to the logins that happen on-wiki)

Note, I changed some words to US English spellings. It's not a strict style rule that we use these on the blog, but I usually do for consistencyency. If you don't want to change them, it's fine.

Ack, going with US English for consistency is perfectly fine!

Perfect! I will move this over to the tech blog to prepare for publication.

I will send along some suggestions for possible images tomorrow.

Perfect! I plan on publishing this tomorrow 9 March 2021.

Perfect! I plan on publishing this tomorrow 9 March 2021.

Great, thanks!

This has been published: https://techblog.wikimedia.org/2021/03/10/wikimedia-sso-evaluation/

Let me know if it looks good to you, and I'll send an announcement out!

This has been published: https://techblog.wikimedia.org/2021/03/10/wikimedia-sso-evaluation/

Let me know if it looks good to you, and I'll send an announcement out!

Looks good, thanks!

There's still part 2 and 3 coming (but rather next month), should we reopen the task when ready or make a new one?

Yes! Sorry! I forgot about that! Reopened!