UK Access Management Federation
for Education and Research

The UK federation is operated by Jisc and provides a single solution to accessing online resources and services for education and research. Here is some information on how it works and its benefits.

Eligible organisations are invited to join the current membership.

Latest news

Central Discovery Service closing

Posted on Monday, 22 January 2024

Since the inception of the UK federation in 2007, we have operated a Central Discovery Service (CDS) which lives at wayf.ukfederation.org.uk. This is, currently, one way resource providers can determine where their end user is coming from and consequently which institution they have to be directed to, in order to authenticate and log on. We have always considered the CDS as a discovery option of "last resort".

However due to changes in the landscape the UK federation is closing the CDS on 29 February 2024. Affected service providers (SPs) are moving to an alternative discovery method before then to ensure continued access for end users. This change affects a small number of SPs who use the CDS. The vast majority of SPs already conduct their own discovery. Identity Providers (IdPs) are not affected by this change. We have contacted all affected services, however, should you be unsure if your service uses the CDS and needs to take action please contact the service desk service@ukfederation.org.uk.

The UK federation held a Clinic talking about the changes on 1 February 2024.

A recording can be viewed here:

https://jisc.zoom.us/rec/share/x4w9Y3EaGKO_ywdmzHPW2d0ty8v3mnc6xu_NlKYEHnLh6n1QgJutVypP_i6Alyr5.1VqQoOmuyL3LmGAS

We are keen to work with you to minimise any disruption to end users, so affected service providers should keep us updated of their chosen migration plans and reach out with any questions.

More information about discovery, and alternative discovery methods can be found here.

In the interim the UK federation will shortly implement controls to prevent new usage of the CDS, any service provider that has used the service within the past 90 days will be unaffected by the controls being implemented.

For additional support, the UK federation helpdesk is available at service@ukfederation.org.uk.

read more...

Service desk closure for Winter break 2023-2024

Posted on Tuesday, 19 December 2023

As usual, along with most areas of Jisc, the UK federation service desk will take an extended break over Christmas and New Year. The helpdesk will be unavailable from 13:00 on Thursday 21st December, 2023 and reopen at 10:00 on Tuesday 2nd January, 2024. If you submit a request to service@ukfederation.org.uk during these dates, your email will be logged, but we won't be able to respond until we return in January.

UK federation metadata will be re-published automatically over the holiday period so, whilst we will not make changes to UK federation-registered entities, there may be changes due to entities imported via eduGAIN.

read more...

Who's supplying the keys?

Posted on Tuesday, 24 October 2023

A recent incident affecting a very small number of entities in the UK federation has surfaced issues arising from IdPs and SPs using default cryptographic keys. The risk of using a default key is that someone may impersonate you. As a Service Provider (SP) they may obtain information from an Identity Provider (IdP), whilst hard to achieve, it is not impossible. The risk of an IdP using a default key is that someone may impersonate your IdP almost trivially.

read more...

Proposals for a Federated Credential Management API

Posted on Tuesday, 24 October 2023

User tracking for digital marketing can violate user privacy on the web. Now that browser vendors are looking to implement methods to stop user tracking, we must ensure these methods do not undermine other frameworks which protect privacy, such as Single Sign On through the UK federation, SAML and OpenID Connect. Jisc is monitoring these proposals from browser vendors and will keep UK federation members updated.

read more...

Improving assurance about federated identities

Posted on Tuesday, 24 October 2023

Some services available through the UK federation require more assurance about federated accounts than eduPersonScopedAffiliation by itself. Service owners are asking questions like "has the home organisation seen government-issued photo identification about the account holder?" or "is the identifier re-used when the person leaves?" If you are asking similar questions, you may find the REFEDS Assurance Framework (https://refeds.org/assurance) useful.

read more...

Shibboleth IdP version 5 has been released

Posted on Tuesday, 24 October 2023

In September 2023, the Shibboleth Project released version 5 of the Shibboleth IdP. The Shibboleth Project has also given notice that the planned end of life date for version 4 is 1 September 2024. Until then, they will be issuing security patches for version 4 if necessary, although there will be no further functional enhancements.

read more...