We have stopped warning about expiring self-signed trust fabric certificates
Posted on Thursday, 31 October 2019
The UK federation follows the SAML Metadata Interoperability Profile. This profile requires that a trust fabric certificate in metadata is treated only as a convenient wrapper for a cryptographic public key, with none of the additional semantics normally associated with certificates, such as a check against its expiry date.
End of Support for Shibboleth V2 Identity Provider
Posted on Thursday, 17 October 2019
The UK federation will be ending its support for Shibboleth V2 Identity Provider (IdP) deployments on December 31st 2019.
Why we are doing this:
Shibboleth IdP v2 IdP deployments have been End of Life since July 2016 and ending support for this will allow effort to be focused on current deployments.
Who does this concern:
The UK federation support team has contacted institutions and organisations known to be running Shibboleth IdP v.2 software, however it is possible that some remain unidentified in which case if you believe your institution may be running Shibboleth IdP v2 please consider the action detailed below.
Shibboleth IdP version 4
Posted on Monday, 14 October 2019
The next version of the Shibboleth IdP (version 4) will remove some configuration elements that IdP deployers in the UK federation rely on. Every Shibboleth IdP deployer must change their configuration to use the new elements that have been available since v3.4.0. The changes are typically small and well-defined, and IdP 3.4 will log warnings for deprecated elements. The UK federation lists the most relevant actions in Deprecated features in Shibboleth IdP v3 will be removed in v4 (https://www.ukfederation.org.uk/content/Documents/DeprecationIdPv4). You have a few months window of opportunity to reconfigure deprecated elements to ensure a smooth transition to IdP v4 when it is released.
Successful Attribute Release and eduGAIN IdP Health Check Webinar
Posted on Friday, 24 May 2019
Still too often accessing federated services today does not work because attribute release at the Identity Provider does not work. This is frustrating for end users, services and the research collaborations operating many eduGAIN services. Bad attribute release hinders research!
The webinar takes place on 03 July 2019 from 10:00 to 11:00 am CEST (09:00 to 10:00 BST / UK local time),
Shibboleth Identity Provider 3.4.4 now available
Posted on Thursday, 23 May 2019
The Shibboleth Project has released v3.4.4 of the Identity Provider (IdP) software, this is a patch release containing a number of bug fixes. The UK federation recommends that you run the latest version of the IdP software, and upgrade as soon as your maintenance schedules allow. Please see the Shibboleth IdP Release Notes
Upgrading to v3.4.x is an important step in maintaining your Shibboleth IdP, as it should be possible to in-place upgrade from an existing IdP v3 to this version. This version identifies a number of deprecation warning messages, and you will need to work to resolve the issues identified prior to the release of Shibboleth IdP v4 (expected to be released later in 2019).
Shibboleth SP 184.108.40.206 Update for Windows
Posted on Tuesday, 26 March 2019
There's been a service update  to the SP installers for Windows labeled V220.127.116.11 to make a fix for the bug where a non-default handlerURL fails with the IIS 7 module . To be clear: this only affects your Shibboleth SP deployment if you are running Windows AND IIS 7 AND have set
handlerURL in the
This is the only change in the packages, so is only relevant for IIS 7+ deployments. This is an atypical release process that would normally be done as a full patch, but that would delay the fix for an indeterminate period and the bug has been causing a lot of problems and traffic on the Shibboleth Users list, so it was the most expedient solution.
Edited by AlexStuart
Shibboleth Service Provider 3.0.4 now available
Posted on Wednesday, 13 March 2019
The Shibboleth Project has released V3.0.4 of the Service Provider, a patch release, along with patch releases of the xmltooling (V3.0.4) and opensaml (V3.0.1) libraries. This is a bug fix release, and also addresses a denial of service vulnerability. The UK federation recommends that you upgrade to this version.
Edited by AlexStuart
Shibboleth Service Provider 3.0.3 now available
Posted on Tuesday, 5 February 2019
A third patch release of the Service Provider software is available which corrects a denial of service vulnerability. Please see The Release Notes for more information. The UK federation recommends that you upgrade to this version.
If you are using Red Hat and compatible systems, you can "yum update" to the latest version. Alternatively, you can find the latest versions in all formats on the shibboleth.net website.
The Windows installers include some other library updates, including OpenSSL 1.1.1a, which includes TLS 1.3 support for the first time. Edited by AlexStuart
Version 1.2.1 of Shibboleth Embedded Discovery Service now available
Posted on Friday, 1 February 2019
The Shibboleth Project has released a bugfix (version 1.2.1) of the Embedded Discovery Service. This is a bug fix that prevents new installations of the EDS from acting as an open redirector. Existing systems will continue to function as one until locked down, but the presence of the new setting will prevent this behaviour.
If your Service Provider uses this product, we recommend that you upgrade to the new bugfix version.
Please read the EDS Release Notes for more information. Edited by AlexStuart