UK federation News
Shibboleth Identity Provider Security Advisory
Posted on Monday, 31 March 2025
The UK federation recommends adhering to best practices by routinely managing patches for your IdP environment. This includes subscribing to future security notifications:Shibboleth Announce.
Following the recent low-level security advisory from the Shibboleth Consortium regarding the IdP, you should update your Identity Provider software to version 5.1.4 (or later) at your earliest convenience. Although the affected code path is likely not in use by the UK federation userbase, updating will help mitigate any potential exploits.
Please ensure your software versions are patched promptly. If you have any questions or queries then please do contact the UK federation service desk
read more... Edited by MattHuckson
Security Advisory: Critical flaw in OpenSAML affecting Shibboleth Service Provider
Posted on Friday, 14 March 2025
The Shibboleth Project last night released an update and security advisory to the OpenSAML library used by the Shibboleth Service Provider. The Shibboleth developers have assessed this issue and determined its impact to be critical.
Recommended Actions:
- Update to version 3.3.1 (or later) of the OpenSAML library package as soon as possible and also subscribe to future notifications .
Detailed instructions are provided in the advisory.
Please ensure your software versions are patched promptly. If you have any questions or queries then please do contact the UK federation service desk.
read more... Edited by MattHuckson
UK federation service desk closure for Winter break 2024-2025
Posted on Thursday, 12 December 2024
As with most areas of Jisc, the UK federation service desk will be taking an extended break over Christmas and New Year. The helpdesk will be unavailable from 12:00 on Tuesday, 24th December 2024, and will reopen at 10:00 on Thursday, 2nd January 2025. If you submit a request to service@ukfederation.org.uk during this period, your email will be logged, but we won't be able to respond until we return. Please note that any metadata changes need to be submitted by 19th December to be considered for publication; otherwise, they will be addressed from 2nd January 2025 onwards.
UK federation metadata will be automatically re-published over the holiday period. While we won't make changes to UK federation-registered entities, there may be updates due to entities imported via eduGAIN.
read more... Edited by MattHuckson
Attention UK federation Participants using Shibboleth Identity Provider (IdP) with Jetty on Windows
Posted on Friday, 29 November 2024
The Jetty project has announced the end of life for Jetty version 11 is the end of this year. The Shibboleth project has worked diligently to provide Jetty 12 for use with Shibboleth IdP version 5. Please ensure you upgrade from Jetty 11 to Jetty 12 before January 1, 2025.
read more... Edited by MattHuckson
UK federation authentication gateways webinar - November 2024
Posted on Friday, 27 September 2024
The UK federation are organising a webinar, featuring a guest speaker from the Finnish Federation to discuss authentication gateways for Shibboleth.
read more... Edited by MattHuckson