UK Access Management Federation
for Education and Research
The UK federation is operated by Jisc and provides a single solution to accessing online resources and services for education and research. Here is some information on how it works and its benefits.
Eligible organisations are invited to join the current membership.
Latest news
Shibboleth Service Provider 3.0.2 now available
Posted on Friday, 10 August 2018
Last month saw the release of version 3 of the Shibboleth SP, quickly followed by a bugfix release and then a security release. The security advisory reports that there is vulnerability in a library used by versions 2 and 3 of the SP which can allow a denial of service attack on the SP. The vulnerability can only be mitigated by upgrading to the latest version of the SP, version 3.0.2, and there is no fix for the 2.x branch [1][2].
Shibboleth Identity Provider Security Advisory 4th October 2017
Posted on Wednesday, 4 October 2017
A security advisory [1] has been released for the Shibboleth v3 Identity Provider that involves deployments connecting to an organisational directory service over LDAPS and relying on the jvmTrust setting. The issue could result in a Man In The Middle attack between the directory service and the IdP. Also, a patch release of the Shibboleth IdP (v3.3.2) has been released which fixes this issue [2]. Other important information can be found in the release notes which should be reviewed when upgrading. [3]