End of life for Shibboleth IdP v3 and IdP v4 upgrade guide

Posted on Friday, 2 October 2020

In March 2020, the Shibboleth IdP v4 was released, at the same time the Shibboleth IdP v3 end of life was announced, which will be the 31st December 2020.

The Trust and Identity team at Jisc supporting the UK federation have now made available an IdP v4 upgrade guide

read more... Edited by JonAgland

Shibboleth Service Provider Security Advisory 31st August 2020

Posted on Tuesday, 1 September 2020

A security advisory [1] has been released for the Shibboleth Service Provider involving deployments running on Windows and using the "modern" module for Microsoft IIS V7+. This module contains a flaw that can be triggered remotely, resulting in a potential denial of service condition exploitable by an unauthenticated attacker. Also, a service patch for the Windows distribution of the Service Provider software is now available [2]. This update contains a fix for a bug [3] in the IIS module. Other important information can be found in the release notes which should be reviewed when upgrading [4].

read more... Edited by SteveGlover

UK Federation Town Hall Week

Posted on Monday, 1 June 2020

We’d hoped to do this in person, but obvious reasons mean we are running virtual UK federation "Town Hall" sessions across a whole week of 8th-13th June (at lunch times 1-2pm), using Zoom. We’ll be covering a variety of topics and plan on the sessions being not entirely didactic. So please come armed with questions. If there is anything you would like to see covered, please email me (mark.williams@jisc.ac.uk) in the next week and we’ll see if we can add it in.

Topics

  • Baseline in the UK federation
  • CoC, R&S, Sirtfi & other attributes
  • Shibboleth health check lessons
  • Publisher round table: Ask anything
  • SSO & aspects of content piracy
  • Delegated authentication
  • Readiness for Shibboleth v.4
  • VerifID: Commercial Student Verification
  • About T&I Consultancy

read more... Edited by MarkWilliams ?

R&S attribute support for COVID researchers

Posted on Friday, 27 March 2020

How your institution can support COVID research with federated access Research and Scholarship attribute release

read more... Edited by MarkWilliams ?

Chrome Samesite issue (Last updated 31 January)

Posted on Thursday, 30 January 2020

The way web browsers handle cookies is changing soon. This can have an impact on some configurations of Identity Providers and, Service Providers. The impact may vary from no impact to 'Single Sign On stops working' (users are challenged for username/password every time) to 'entirely not working' depending on the configuration of your IdP or SP and the flow of HTTP messages between them. Please ensure this message is passed on to someone in your organisation who can check the impact on your service The updated UK federation webinar on this issue can be found here: https://youtu.be/avpj1FFXMZA

read more... Edited by SteveGlover