Shibboleth Identity Provider Security Advisory 4th October 2017

Posted on Wednesday, 4 October 2017

A security advisory [1] has been released for the Shibboleth v3 Identity Provider. It involves deployments that connect to an organisational directory service over LDAPS and rely on the jvmTrust setting. The issue could result in a man-in-the-middle attack between the directory service and the IdP. A patch release of the Shibboleth IdP (v3.3.2) that fixes this issue has also been released [2]. Other important information can be found in the release notes, which should be reviewed when upgrading [3].

Shibboleth Consortium Growth

Posted on Wednesday, 19 July 2017

The Shibboleth Consortium, the non-profit organization that ensures the ongoing development, support and maintenance of the Shibboleth software, announced today that five new members have joined.

Distributing metadata around eduGAIN: the real picture

Posted on Monday, 10 July 2017

Rhys Smith, the UK federation technical architect, has written a blog post on eduGAIN metadata distribution, looking at upstream and downstream publication issues:

Using the WAYF protocol with the UK federation Central Discovery Service is deprecated

Posted on Friday, 23 June 2017

This is formal notice that UK federation Central Discovery Service (CDS) support for the WAYF protocol is now deprecated. The WAYF protocol's limitations are such that, since 2012, we have not recommended its use for new service provider deployments. Service Providers that use the WAYF protocol with our Central Discovery Service force Identity Providers to use the legacy SAML 1 protocol, and we no longer wish to facilitate the use of SAML 1. Our CDS will continue to support the Identity Provider Discovery Service (DS) Protocol [1], which supports both SAML 2 and SAML 1 operations.

