As a world-renowned news organisation, the Financial Times (FT) recognises the importance of keeping its digital users engaged. So, to help streamline access and improve engagement levels among its users in universities and libraries, it offers access via single sign-on (SSO).
Thanks to federated access management, users from this important FT customer base can access content using sign-in credentials from their home organisation – which streamlines access and helps keep users logging in.
Until recently, the FT used OpenAthens SP2 to manage federated access. But with the deprecation of SP2 in May 2020, it needed to find a new solution that could be implemented by this deadline – and cause zero disruption to users while maintaining the benefits of streamlined access.
“When there is breaking news, it’s essential that we maintain quick and seamless access to FT content online, ensuring that the URLs we give to customers aren’t broken and continue to work,” explains Elena Stoimenova, product owner in the FT’s access and identity team.
Acting on a November 2019 email about the deprecation of SP2, the FT decided to migrate to OpenAthens’s cloud-based solution, Keystone, as quickly as it could.
“OpenAthens assured us that if we migrated to Keystone, the user experience wouldn’t change, and this was important for us,” says Elena. “So we didn’t have to think twice, as we already had good relations with OpenAthens.”
As planning for implementation began, the next challenge was that the FT needed detailed help in understanding how Keystone works – so it could be reassured that front-end functionality would not change. That’s because, while SP2 uses SAML, Keystone is based on OpenID Connect – so for the FT, it was not only a migration, but the implementation of a new product.
“We needed to combine OpenAthens’s knowledge of Keystone and our knowledge of how we integrated the existing SP2 solution,” says Elena. “Keystone may be a ‘black box’ solution, but to implement it we needed to analyse it technically.”
It soon became clear that a support ticket would not be sufficient to give the FT the understanding it needed, so its team asked for a technical workshop – and OpenAthens quickly organised this.
“They showed us demos, and we showed demos of how SP2 worked on our side, and both teams improved their knowledge,” says Elena.
For the migration itself, the FT also asked for someone from OpenAthens to be online in case something went wrong. “OpenAthens agreed, so we had someone on duty personally when we were migrating the production environment from the old to the new.”
The result, for the FT, was a successful and timely migration, in advance of the May 2020 deadline, with no disruption to users – which was what it had planned for.
At the same time, the team was glad that implementation was completed in early lockdown due to the Covid-19 pandemic – because at that time the FT was seeing a big increase in the number of logins.
“The unusual circumstances made it even more critical for our SSO functionality to be working perfectly,” says Krum Bakalsky, senior engineer in the FT team.
After the migration, too, the FT appreciated the benefits of having a cloud-based, lightweight solution hosted by OpenAthens, as opposed to the on-premises deployment it had previously.
“We don’t have to provision or maintain the service, so if OpenAthens find bugs or add a new feature, we consume this as a service,” says Krum.
The team was grateful to be spared the complexities of SAML. “SAML is a relatively odd specification that’s inconsistent across implementations, with every vendor having their own tips and tricks,” says Krum. “If we don’t have SAML, it saves quite a lot of hassle for us.”
“This way we get a more robust and more stable service – and it’s maintained by OpenAthens,” adds Teodor Shaterov, technology lead in the same team.
From the FT point of view, a key takeaway was the importance of good communication to a successful project.
“It was a good showcase at both ends,” says Krum. “OpenAthens came mostly from the system administration perspective and we had a software engineering perspective, but we managed to solve all our challenges.”
OpenAthens’ willingness to communicate was appreciated. “Any time we pinged them, they answered,” says Elena. “And the workshop was crucial for us: we spent about four hours together in a virtual room – this was the best help we received.”
And OpenAthens, too, is learning for the future: the FT have made helpful suggestions which have identified ways to help improve the documentation of Keystone – and help shape the direction of the software.
“Sincere and tremendous thanks for helping us out in this non-trivial transition. So happy to have reached this successful completion” – Krum Bakalsky, senior engineer in FT access and identity team, in his final comment on the OpenAthens service desk ticket.
To ask a question about OpenAthens Keystone, please email firstname.lastname@example.org.