UK Access Management Federation
for Education and Research

The UK federation is operated by Jisc and provides a single solution to accessing online resources and services for education and research. Here is some information on how it works and its benefits.

Eligible organisations are invited to join the current membership.

Latest news

Who's supplying the keys?

Posted on Tuesday, 24 October 2023

A recent incident affecting a very small number of entities in the UK federation has surfaced issues arising from IdPs and SPs using default cryptographic keys. The risk of using a default key is that someone may impersonate you. As a Service Provider (SP) they may obtain information from an Identity Provider (IdP), whilst hard to achieve, it is not impossible. The risk of an IdP using a default key is that someone may impersonate your IdP almost trivially.

read more...

Proposals for a Federated Credential Management API

Posted on Tuesday, 24 October 2023

User tracking for digital marketing can violate user privacy on the web. Now that browser vendors are looking to implement methods to stop user tracking, we must ensure these methods do not undermine other frameworks which protect privacy, such as Single Sign On through the UK federation, SAML and OpenID Connect. Jisc is monitoring these proposals from browser vendors and will keep UK federation members updated.

read more...

Improving assurance about federated identities

Posted on Tuesday, 24 October 2023

Some services available through the UK federation require more assurance about federated accounts than eduPersonScopedAffiliation by itself. Service owners are asking questions like "has the home organisation seen government-issued photo identification about the account holder?" or "is the identifier re-used when the person leaves?" If you are asking similar questions, you may find the REFEDS Assurance Framework (https://refeds.org/assurance) useful.

read more...

Shibboleth IdP version 5 has been released

Posted on Tuesday, 24 October 2023

In September 2023, the Shibboleth Project released version 5 of the Shibboleth IdP. The Shibboleth Project has also given notice that the planned end of life date for version 4 is 1 September 2024. Until then, they will be issuing security patches for version 4 if necessary, although there will be no further functional enhancements.

read more...

End of Support for Shibboleth v3 IdP

Posted on Tuesday, 24 October 2023

Shibboleth IdP version 3 reached its end of life at the end of 2020. The Shibboleth project is not providing any security releases for this version and there are no bugfix releases. Please ensure you are not using this version.

read more...

UK federation position paper about SAML subject identifiers

Posted on Tuesday, 24 October 2023

The UK federation recommends using eduPersonTargetedID as a pseudonymous persistent identifier when the service needs no personal information to function and you need to preserve privacy for end users.

read more...