Smooth movement to LDAP for Single Sign On
December 21, 2016
Based on a productive collaboration between the Server Team and the typo3.org Team, we have set up an LDAP service to replace the current Single Sign On (SSO) solution, which is integrated into the typo3.org website.
tl;dr Log in once on typo3.org and set a new password, otherwise your account will not be available after the migration to LDAP.
In the course of rebuilding typo3.org (and as announced in a former news article), we are going to extract the Single Sign On service out of typo3.org into a separate website. We are doing this to make the relaunch easier for us. A central LDAP directory allows us to integrate further services in the TYPO3 ecosystem using the same account for all logins.
Over the last few weeks, we have built and configured the LDAP server to match the given requirements.
We want to inform you about the steps we are taking:
We updated the extensions “ajaxlogin” and “t3o_ajaxlogin” so that all user data, including passwords, will be sent over an encrypted channel to the LDAP server. This happens whenever a user logs in or updates their data and/or password.
Early next year, we will remind all remaining users to log in once on typo3.org, to make sure that their credentials will be available on the new system.
By that time, we will also announce the date of the final switch to LDAP as the new leading authentication system. Users who have not updated their user data by this date won’t be able to log in on typo3.org (and related services) anymore.
We are planning about 3 months for the whole migration and will give you time to complete the migration procedure.
If you have any questions or suggestions about the workflow, don’t hesitate to contact us on Slack (channel #t3o-team).
Credits for this huge project go to Andreas Beutel and Bastian Bringenberg who configured the LDAP environment, and Thomas Löffler for adapting typo3.org to the new setup.