UK Access Management Federation
for Education and Research
The UK federation is operated by Jisc and provides a single solution to accessing online resources and services for education and research. Here is some information on how it works and its benefits.
Eligible organisations are invited to join the current membership.
Latest news
Shibboleth Identity Provider Security Advisories
Posted on Tuesday, 2 June 2026
The UK federation recommends adhering to best practices by routinely managing patches for the Shibboleth Identity Provider (IdP). This includes subscribing to future security notifications: Shibboleth Announce.
Following the recent security advisories [1,2] from the Shibboleth Consortium regarding the IdP, you should update your IdP software to the latest version within your existing patching schedules.
Please ensure your software versions are patched promptly. If you have any questions or queries then please do contact the UK federation service desk.
Trust and Identity consultancy customers are free to contact us to schedule an upgrade under their existing Retained Expertise agreements.
[1] Excessive resource consumption - an issue which could lead to excessive resource consumption, potentially causing the system to become unstable or fall over, recoverable with a simple service restart.
[2] SMTP injection - an issue around SMTP injection vector which is unlikely to be in use by the UK federation userbase. Updating will help mitigate any potential exploits.
Invitation for collaboration on the REFEDS Assurance Framework
Posted on Wednesday, 25 February 2026
We invite organisations, particularly those involved in research-intensive institutions but not limited to them, that may have an interest in the REFEDS Assurance Framework to get in touch with us for further discussion. If you are unsure about how this framework applies to your organisation or need to explore its relevance more thoroughly, we encourage you to investigate internally. Your insights are invaluable as we work together to enhance assurance practices in our communities.
Guidance
It may not be possible for a central IdP operator to be aware of all the use-cases that their IdP supports – particularly regarding some emerging scenarios around access to sensitive research systems.
One way to get a hint as to whether your users may require the use of this framework in the future is to check your authentication logs for interactions with a given set of services which we’ve identified as likely to need such changes soon. The list is below.
Shibboleth Identity Provider
If you’re using the Shibboleth Identity Provider then you may be able to check your logs by interrogating the idp-audit log.
- Linux → https://www.ukfederation.org.uk/content/Documents/IdPBasicReporting
- On Windows → https://www.ukfederation.org.uk/content/Documents/IdPBasicReportingWindows
Data review
You should check for the prevalence of these Service Provider entityIDs:
- https://federation.nih.gov/FederationGateway
- https://proxy.myaccessid.org/metadata/backend.xml
- https://safe.epcc.ed.ac.uk/shibboleth
- https://aai.egi.eu/proxy/module.php/saml/sp/metadata.php/sso
- https://cilogon.org/shibboleth
- https://iris-iam.stfc.ac.uk/sp-entityID
- https://sp-proxy.cern.ch/saml2sp/saml2_backend.xml
- https://b2access.eudat.eu:8443/unitygw/saml-sp-metadata
- https://orcid.org/saml2/sp/1
- https://aai.openaire.eu/proxy/module.php/saml/sp/metadata.php/sso
- https://safari.data-archive.ac.uk/shibboleth-sp
If you notice use of these services then you should investigate further. If possible, interrogate your logs further to ascertain which users are making use of these services and enquire as to their use-cases. You can also make contact with us (via service@ukfederation.org.uk) to assist. read more...
UK federation update December 2025
Posted on Wednesday, 3 December 2025
Service desk closure for Christmas break 2025-2026
As with most areas of Jisc, the UK federation service desk will be taking an extended break over Christmas and New Year. The helpdesk will be unavailable from 12:00 on Wednesday 24 December 2025, and will reopen at 09:00 on Monday 5 January 2026. If you submit a request to service@ukfederation.org.uk during this period, your email will be logged, but we won't be able to respond until we return.
Please note that any metadata changes need to be submitted by 18 December to be considered for publication; otherwise, they will be addressed from 5 January 2026 onwards.
UK federation metadata will be automatically re-published over the holiday period. While we won't make changes to UK federation-registered entities, there may be updates due to entities imported via eduGAIN. read more...