UK federation service desk closure for Winter break 2024-2025

Posted on Thursday, 12 December 2024

As with most areas of Jisc, the UK federation service desk will be taking an extended break over Christmas and New Year. The helpdesk will be unavailable from 12:00 on Tuesday, 24th December 2024, and will reopen at 10:00 on Thursday, 2nd January 2025. If you submit a request to service@ukfederation.org.uk during this period, your email will be logged, but we won't be able to respond until we return. Please note that any metadata changes need to be submitted by 19th December to be considered for publication; otherwise, they will be addressed from 2nd January 2025 onwards.

UK federation metadata will be automatically re-published over the holiday period. While we won't make changes to UK federation-registered entities, there may be updates due to entities imported via eduGAIN.

Edited by MattHuckson

Attention UK federation Participants using Shibboleth Identity Provider (IdP) with Jetty on Windows

Posted on Friday, 29 November 2024

The Jetty project has announced that Jetty version 11 reaches end of life at the end of this year. The Shibboleth project has worked diligently to provide Jetty 12 for use with Shibboleth IdP version 5. Please ensure you upgrade from Jetty 11 to Jetty 12 before January 1, 2025.

Edited by MattHuckson

UK federation authentication gateways webinar - November 2024

Posted on Friday, 27 September 2024

The UK federation is organising a webinar featuring a guest speaker from the Finnish Federation to discuss authentication gateways for Shibboleth.

Edited by MattHuckson

Critical security flaw in ruby-saml library

Posted on Thursday, 19 September 2024

The federation has been made aware of a critical security flaw in ruby-saml, a Ruby-based SAML library used by some participants of the federation.

https://nvd.nist.gov/vuln/detail/CVE-2024-45409

From the security announcement:

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 [sic] and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system.
This vulnerability is fixed in 1.17.0 and 1.12.3.

Affected versions of ruby-saml are any that are up to and including 1.12.2 and between 1.13.6 and 1.16.0.

We're aware that Omniauth's SAML implementation (up to and including version 2.1.0) is also based on this library and is fixed in version 2.2.0.

We recommend that you check whether you're using this library or Omniauth and take appropriate action as soon as possible.

Edited by MattHuckson

Infrastructure upgrade work on the UK Federation metadata publication

Posted on Wednesday, 10 July 2024

We recently carried out infrastructure upgrade work on the UK Federation metadata publication. These changes will have gone unnoticed by the majority of our customers, and your retrieval of the UK Federation metadata will have continued as normal if you are using the correct FQDN for the metadata aggregate (http://metadata.ukfederation.org.uk/ukfederation-metadata.xml) or MDQ (http://mdq.ukfederation.org.uk/).

Edited by MattHuckson

Shibboleth version 5 upgrade webinar

Posted on Tuesday, 25 June 2024

We held a webinar on Tuesday 25 June where we discussed the Shibboleth version 5 upgrade and its technical changes, plugins and features.

Edited by MattHuckson

UK federation Shibboleth IdP Upgrade Webinar

Posted on Tuesday, 11 June 2024

Technical participation in the UK federation can be achieved through various means, including running Shibboleth themselves, purchasing OpenAthens, using the Jisc trust and identity consultancy service, and getting support from other third parties.

Consequently, organisations operating their own deployment of Shibboleth may like to know the UK federation has published documentation for organisations upgrading from Shibboleth IdP v4 to Shibboleth IdP v5.

Edited by SteveGlover

Central Discovery Service closing

Posted on Monday, 22 January 2024

Since the inception of the UK federation in 2007, we have operated a Central Discovery Service (CDS) which lives at wayf.ukfederation.org.uk. This is, currently, one way resource providers can determine where their end user is coming from and consequently which institution they have to be directed to, in order to authenticate and log on. We have always considered the CDS as a discovery option of "last resort".

However, due to changes in the landscape, the UK federation is closing the CDS on 29 February 2024. Affected service providers (SPs) are moving to an alternative discovery method before then to ensure continued access for end users. This change affects a small number of SPs who use the CDS. The vast majority of SPs already conduct their own discovery. Identity Providers (IdPs) are not affected by this change. We have contacted all affected services; however, should you be unsure if your service uses the CDS and needs to take action, please contact the service desk at service@ukfederation.org.uk.

Edited by SteveGlover