UK federation test IdP

Posted on Friday, 5 December 2014

The UK federation now has an IdP for use by SP operators for testing purposes. The test IdP has six accounts, each of which releases a different set of attributes to an SP on authentication. We welcome operators of existing and new SP deployments to test their deployments with the UK federation test IdP.

For more information, please read our Test IdP documentation page.

Edited by AlexStuart

Central Discovery Service partial outage - now resolved

Posted on Tuesday, 4 November 2014

The UK federation CDS (Central Discovery Service) experienced a partial outage earlier today. This has now been fixed and a full service is available again.

Edited by AlexStuart

eduGAIN participation will become the default during November 2014

Posted on Thursday, 23 October 2014

An announcement was recently sent out to everyone listed as a technical or administrative contact for an entity registered with the UK Access Management Federation for Education and Research, and to Management Liaisons for the UK federation members. Its purpose is to inform you of changes to the way in which the UK federation participates in the eduGAIN system, and to outline the actions you may want to take as a result.

Edited by AlexStuart

Shibboleth security advisory for Shibboleth IdP and OpenSAML-J

Posted on Friday, 19 September 2014

The following announcement has recently been sent out to everyone listed as a technical or administrative contact for an entity registered with the UK Access Management Federation for Education and Research. Its purpose is to inform you of an important security problem which will affect some UK federation members.

YOU SHOULD ENSURE that the material below is reviewed by your technical staff as soon as possible, so that you can minimise the impact of this issue on your services.

We recommend that all deployments of the Shibboleth IdP be upgraded to version 2.4.2 as soon as possible to avoid the security issue.

The full Shibboleth security advisory is available at: http://shibboleth.net/community/advisories/secadv_20140919.txt

Please contact the UK federation helpdesk (service@ukfederation.org.uk) if you have any additional questions about this update.

Edited by AlexStuart

Job vacancy: Metadata Officer in the UK federation

Posted on Friday, 5 September 2014

The UK federation is advertising for a Metadata Officer to be part of the team that manages the UK federation metadata. It's a technical role and we think it would be suitable for someone with a degree in Computing, Library or Information Science, or who has equivalent experience.

https://www.vacancies.ed.ac.uk/pls/corehrrecruit/erq_jobspec_version_4.jobspec?p_id=031296

The closing date is 5pm on 19th September 2014. We anticipate interviews will be held in the week commencing 6th October 2014, in Edinburgh.

Edited by AlexStuart

New OpenSSL vulnerability

Posted on Tuesday, 10 June 2014

The following announcement has just been sent out to everyone listed as a technical or administrative contact for one or more entities registered with the UK Access Management Federation for Education and Research. Its purpose is to inform you of an important security problem which will affect many UK federation members.

YOU SHOULD ENSURE that the material below is reviewed by your technical staff as soon as possible, so that you can minimise the impact of this issue on your services.

Edited by SteveGlover

SERVICE PROVIDER Heartbleed recovery recommendations

Posted on Friday, 18 April 2014

The following announcement has just been sent out to everyone listed as a technical or administrative contact for one or more entities registered with the UK Access Management Federation for Education and Research. Its purpose is to provide recommendations for post-patch mitigation of the "Heartbleed" vulnerability for SERVICE PROVIDER operators.

This advisory is for the attention of SERVICE PROVIDER operators. You should have received the equivalent advisory for the attention of identity provider operators earlier today.

If you have not seen our initial "Heartbleed" advisory, you can find it here:

 http://www.ukfederation.org.uk/content/News/2014-04-08-secadv

YOU SHOULD ENSURE that the material below is reviewed by your technical staff as soon as possible, so that you can minimise the impact of this issue on your services.

Edited by SteveGlover

IDENTITY PROVIDER Heartbleed recovery recommendations

Posted on Friday, 18 April 2014

The following announcement has just been sent out to everyone listed as a technical or administrative contact for one or more entities registered with the UK Access Management Federation for Education and Research. Its purpose is to provide recommendations for post-patch mitigation of the "Heartbleed" vulnerability for IDENTITY PROVIDER operators.

This advisory is for the attention of IDENTITY PROVIDER operators. It will be followed later today by an advisory for the attention of service provider operators.

If you have not seen our initial "Heartbleed" advisory, you can find it here:

 http://www.ukfederation.org.uk/content/News/2014-04-08-secadv

YOU SHOULD ENSURE that the material below is reviewed by your technical staff as soon as possible, so that you can minimise the impact of this issue on your services.

Edited by SteveGlover

Critical OpenSSL bug ("heartbleed") - Update

Posted on Friday, 11 April 2014

The following update has been sent out to all technical or administrative contacts for entities registered with the UK Access Management Federation for Education and Research. Its purpose is to provide additional information about the "Heartbleed" vulnerability for users of the Shibboleth and Eduserv OpenAthens product lines.

If you have not seen our initial "Heartbleed" advisory, you can find it here:

 http://www.ukfederation.org.uk/content/News/2014-04-08-secadv

We will follow up with additional information in the coming days as it becomes available.

YOU SHOULD ENSURE that the material below is reviewed by your technical staff as soon as possible, so that you can minimise the impact of this issue on your services.

Edited by SteveGlover

Security advisory: critical OpenSSL bug ("heartbleed")

Posted on Tuesday, 8 April 2014

The following message has just been sent out to all technical or administrative contacts for entities registered with the UK Access Management Federation for Education and Research. Its purpose is to inform them of an EXTREMELY SEVERE security problem which will affect many UK federation members, and provide first steps towards mitigation.

We will follow up with additional information in the coming days as it becomes available.

If you are responsible for, or operate, an entity within the UK federation, YOU SHOULD ENSURE that the material below is reviewed by your technical staff as soon as possible, so that you can minimise the impact of this issue on your services.

Summary

On 2014-04-07, the OpenSSL project released a new security advisory for version 1.0.1 of the OpenSSL library. The advisory can be found here:

 https://www.openssl.org/news/secadv_20140407.txt

You can read more about the issue here:

 http://heartbleed.com/

Janet's advisory is here:

 https://community.ja.net/blogs/csirt/article/heartbleed-openssl-vulnerability-cve-2014-0160

This extremely serious bug in the OpenSSL library affects any software using that library, whether as a client or a server. It allows an attacker to extract private information from the memory of the vulnerable system. This may include past traffic or other private information, and will often include the system's private keys.

This advisory will deal only with the compromise of a system's private keys. Depending on configuration, the keys compromised through this vulnerability may include the web server's SSL/TLS private keys, and the private keys of any SAML software you are running on the system.

Edited by SteveGlover

Opt-in to eduGAIN to reach 22 other federations

Posted on Thursday, 13 February 2014

The UK federation is fully integrated with eduGAIN, which means that an entity registered in the UK federation can now reach 22 other federations via a simple opt-in.

Edited by SteveGlover