4. Step 2: Single Sign On
Utilise existing services
(Google Accounts & Active Directory for us)
Easy to use API
Catchy name
Staff Single Sign On
s3
o
5. Step 3: Roll it out EVERYWHERE
We used a three-pronged approach:
1. API which can be used for bespoke use-cases
2. Software libraries for common programming languages
3. Varnish integration as a catch-all for any web service
7. How?
Cron script checks the s3o public key every 5 mins
When it changes it gets substituted into VCL and varnish
reloaded
Lots of inline C to verify auth token really came from s3o
All wrapped up in a puppet module so it’s easy to deploy & reuse