UK Access Management Federation
for Education and Research
The UK federation is operated by Jisc and provides a single solution to accessing online resources and services for education and research. Here is some information on how it works and its benefits.
Eligible organisations are invited to join the current membership.
Latest news
UK federation authentication gateways webinar - November 2024
Posted on Friday, 27 September 2024
The UK federation are organising a webinar, featuring a guest speaker from the Finnish Federation to discuss authentication gateways for Shibboleth.
Critical security flaw in ruby-saml library
Posted on Thursday, 19 September 2024
The federation has been made aware of a critical security flaw in ruby-saml -- a Ruby based SAML library used by some participants of the federation.
https://nvd.nist.gov/vuln/detail/CVE-2024-45409
From the security announcement:
Affected versions of ruby-saml are any that are up to and including 1.12.2 and between 1.13.6 and 1.16.0.
We're aware that Omniauth's SAML implementation (up to and including version 2.1.0) is also based on this library and is fixed in version 2.2.0.
We recommend that you check whether you're using this library or Omniauth and take appropriate action as soon as possible.
Infrastructure upgrade work on the UK Federation metadata publication
Posted on Wednesday, 10 July 2024
We recently carried out infrastructure upgrade work on the UK Federation metadata publication. These changes will have gone unnoticed to the majority of our customers and your retrieval of the UK Federation metadata would have continued as normal if you are using the correct FQDN for the metadata aggregate (http://metadata.ukfederation.org.uk/ukfederation-metadata.xml) or MDQ (http://mdq.ukfederation.org.uk/).