User:Jbond/SSO
SSO at Wikimedia is currently a work in progress based on the Apereo CAS software.
It is currently reachable at https://idp.wikimedia.org and protects the following services:
- Icinga - https://cas-icinga.wikimedia.org/
- puppetboard - https://cas-puppetboard.wikimedia.org/
Enable MFA
We currently support only U2F MFA tokens. MFA is enabled using the LDAP `mfa-method` attribute. As this attribute is part of the `wikimediaPerson` objectClass, you also need to ensure users have this objectClass on their account. That is, to enable MFA on an account, ensure the following attributes are present on the user account. They can be added using the `modify-ldap-user` CLI tool:
mfa-method: mfa-u2f
objectClass: wikimediaPerson
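
To check that accounts carry both attributes, the following added example (not part of the original page or of Wikimedia's tooling) audits LDIF text such as `ldapsearch` prints. The function names and the `example.org` DNs are hypothetical, and the check assumes MFA depends only on the two attributes named above.

```python
import base64

# Constructed sample LDIF; the DNs are placeholders, not real accounts.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
objectClass: wikimediaPerson
mfa-method: mfa-u2f

dn: uid=bob,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
mfa-method: mfa-u2f

dn: uid=carol,ou=people,dc=example,dc=org
objectClass:: d2lraW1lZGlhUGVyc29u

dn: uid=dave,ou=people,dc=example,dc=org
objectClass: wikimediaPerson
mfa-method: mfa-
 u2f
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per entry, names lower-cased."""
    unfolded = text.replace("\n ", "")            # RFC 2849 line folding
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):             # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def mfa_status(entry):
    classes = {c.lower() for c in entry.get("objectclass", [])}
    if "mfa-u2f" not in entry.get("mfa-method", []):
        return "not enabled"
    if "wikimediaperson" not in classes:          # attribute set without its objectClass
        return "missing objectClass wikimediaPerson"
    return "enabled"

def audit(ldif_text):
    return {e.get("dn", ["?"])[0]: mfa_status(e) for e in parse_ldif(ldif_text)}
```

Calling `audit(SAMPLE_LDIF)` returns a mapping from DN to status; the `bob` entry is the case described above, where `mfa-method` is set but the objectClass is absent.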