UK Access Management Federation for Education and Research
The UK federation is operated by Jisc and provides a single solution for accessing online resources and services for education and research. Here is some information on how it works and its benefits.
Eligible organisations are invited to join the current membership.
Latest news
Shibboleth Identity Provider + OpenSAML Security Advisory
Posted on Wednesday, 11 January 2023
Shibboleth users have been notified of a critical Remote Code Execution (RCE) vulnerability in some deployments of the Shibboleth Identity Provider (IdP). The formal announcement from the project is included below and was posted to announce@shibboleth.net [1] on Friday, December 16, 2022.
Ref: https://shibboleth.net/community/advisories/secadv_20221216.txt
Shibboleth SP Open Redirect vulnerability affecting Logout Handler: TLP:CLEAR
Posted on Tuesday, 10 January 2023
The UK federation team are asking you to be aware of Open Redirect vulnerabilities.
We have been working with operators of Shibboleth SP software who, because of a default in some releases of the software, have an Open Redirect vulnerability affecting the SP’s Logout Handler. A significant number of these Service Providers (SPs) have now corrected their configuration. However, a number remain with the vulnerability. If we have previously contacted you, this is a reminder to test and fix your deployments.
