Speaker
Description
The new CERN Single-Sign-On (SSO), built around an open sourcestack, has been in production for over a year and many CERN users are alreadyfamiliar with its approach to authentication, either as a developer or as an enduser. What is visible upon logging in, however, is only the tip of the iceberg.Behind the scenes there has been a significant amount of work taking placeto migrate accounts management and to decouple Kerberos [1] authenticationfrom legacy Microsoft components. Along the way the team has been engagingwith the community through multiple fora, to make sure that a solution is pro-vided that not only replaces functionality but also improves the user experiencefor all CERN members. This paper will summarise key evolutions and clarifywhat is to come in the future.