UK Access Management Federation
for Education and Research
The UK federation is operated by Jisc and provides a single solution to accessing online resources and services for education and research. Here is some information on how it works and its benefits.
Eligible organisations are invited to join the current membership.
Latest news
Central Discovery Service closing
Posted on Monday, 22 January 2024
Since the inception of the UK federation in 2007, we have operated a Central Discovery Service (CDS) which lives at wayf.ukfederation.org.uk. This is, currently, one way resource providers can determine where their end user is coming from and consequently which institution they have to be directed to, in order to authenticate and log on. We have always considered the CDS as a discovery option of "last resort".
However due to changes in the landscape the UK federation is closing the CDS on 29 February 2024. Affected service providers (SPs) are moving to an alternative discovery method before then to ensure continued access for end users. This change affects a small number of SPs who use the CDS. The vast majority of SPs already conduct their own discovery. Identity Providers (IdPs) are not affected by this change. We have contacted all affected services, however, should you be unsure if your service uses the CDS and needs to take action please contact the service desk service@ukfederation.org.uk.
The UK federation will be holding a clinic via Zoom (which will be recorded) about the changes on 1 February 2024 at 13:00. Anyone who would like to attend should email mark.williams@jisc.ac.uk to be provided with access details.
We are keen to work with you to minimise any disruption to end users, so affected service providers should keep us updated of their chosen migration plans and reach out with any questions.
More information about discovery, and alternative discovery methods can be found here.
In the interim the UK federation will shortly implement controls to prevent new usage of the CDS, any service provider that has used the service within the past 90 days will be unaffected by the controls being implemented.
For additional support, the UK federation helpdesk is available at service@ukfederation.org.uk.
Who's supplying the keys?
Posted on Tuesday, 24 October 2023
A recent incident affecting a very small number of entities in the UK federation has surfaced issues arising from IdPs and SPs using default cryptographic keys. The risk of using a default key is that someone may impersonate you. As a Service Provider (SP) they may obtain information from an Identity Provider (IdP), whilst hard to achieve, it is not impossible. The risk of an IdP using a default key is that someone may impersonate your IdP almost trivially.
Proposals for a Federated Credential Management API
Posted on Tuesday, 24 October 2023
User tracking for digital marketing can violate user privacy on the web. Now that browser vendors are looking to implement methods to stop user tracking, we must ensure these methods do not undermine other frameworks which protect privacy, such as Single Sign On through the UK federation, SAML and OpenID Connect. Jisc is monitoring these proposals from browser vendors and will keep UK federation members updated.
Improving assurance about federated identities
Posted on Tuesday, 24 October 2023
Some services available through the UK federation require more assurance about federated accounts than eduPersonScopedAffiliation by itself. Service owners are asking questions like "has the home organisation seen government-issued photo identification about the account holder?" or "is the identifier re-used when the person leaves?" If you are asking similar questions, you may find the REFEDS Assurance Framework (https://refeds.org/assurance) useful.
Shibboleth IdP version 5 has been released
Posted on Tuesday, 24 October 2023
In September 2023, the Shibboleth Project released version 5 of the Shibboleth IdP. The Shibboleth Project has also given notice that the planned end of life date for version 4 is 1 September 2024. Until then, they will be issuing security patches for version 4 if necessary, although there will be no further functional enhancements.
End of Support for Shibboleth v3 IdP
Posted on Tuesday, 24 October 2023
Shibboleth IdP version 3 reached its end of life at the end of 2020. The Shibboleth project is not providing any security releases for this version and there are no bugfix releases. Please ensure you are not using this version.