CAF Newsletter: January 2021

Important: Shibboleth Upgrade Recommended

In December 2020, all CAF Technical Contacts were sent an email highlighting the necessity of upgrading to the 4.0.x version of Shibboleth. We strongly recommend that this upgrade be done as soon as possible. Here is why this upgrade is important:

Issue: Shibboleth Identity Provider version 3.x series reached “end of life” (EOL) at the end of 2020. In addition, the underlying Spring Framework 4.x on which IdP 3.x is built also reached EOL at the end of 2020.

Impact: The Shibboleth Consortium will no longer provide any security patches or releases for IdP 3.x as of January 1, 2021. This means that while the Identity Provider should continue to function after December 31, 2020, there will be no security updates applied. As a result, your Identity Provider’s underlying software libraries and dependencies will be at risk from any security vulnerabilities that arise.

Additionally, your organization risks losing Sirtfi security designation in the metadata, which may halt researchers’ access to critical services and resources.

Remediation:

  1. If running an older Shibboleth IdP, please update to Shibboleth Identity Provider 4.x. as soon as possible. Our team has prepared instructions to guide you through the update, including recommended strategies, installation techniques, reference materials, and tips for accessing new features. View guide: https://www.canarie.ca/shibboleth-v4-upgrade-guidance
  2. If you cannot complete your upgrade in January 2021, please contact [email protected] before January 29, 2021 with your expected remediation date. Upgrades must be completed no later than March 31, 2021.

If you have any question, please reach out to us directly at: [email protected]

Please Register: Shibboleth Upgrade Webinar

The CAF team has two upcoming webinars that can guide you through the upgrade process and answer any questions you might have. Please register for the session that best suits your schedule:

  • January 20, 2021 | 1:00 – 2:00 p.m. ET
  • January 21, 2021 | 1:00 – 2:00 p.m. ET

If you have not upgraded to the new version of Shibboleth, we hope to see you at the webinars.

Important: Android 11 QPR1 Update Requires CAT Profile Change

In late November, Rafal Lawrukiewicz sent out a notice to CAF Technical Contacts about the then upcoming Android update on December 11. That date has now passed, and the update has been released. For those who still need to update, we’d like to highlight the required solution to Android 11 QPR1.

  • Issue/Risk: The December Android 11 QPR1 security update changes how certificates are handled for Wi-Fi security. This means Android eduroam users will lose the ability to connect to eduroam unless they use the eduroam CAT profile.
  • Solution: Create and launch your eduroam CAT profile, available for download from the cat.eduroam.org portal.

If you have any questions, please reach out to us directly at: [email protected]

New FIM Service Available: MyCreds

On December 7, 2020, the Association of Registrars of Universities and Colleges of Canada (ARUCC) announced the official launch of MyCreds.

MyCreds is a service that allows for quick access and distribution of transcripts, graduation awards, credentials, badges, and other academic documents. MyCreds offers universities and colleges the benefits of quicker and more efficient processing when obtaining these documents and credentials, while also establishing a level of trust with each document being digitally certified.

For those interested in finding out more about MyCreds, please refer to their website: https://mycreds.ca

For questions on MyCreds and how it relates to your Federated Identity Management services, please contact: [email protected]

Spotlight: Enable Your Researchers with Access to GlobusOnline, CILogon, and more, through Sirtfi!

All of these services have one thing in common:

They each require Security Incident Response Trust Framework for Federated Identity (Sirtfi) compliance to access them.

Sirtfi is an assurance framework that ensures that participating organizations follow defined best practices in operational security, incident response, and traceability. A Sirtfi designation marks you as a trusted partner within the eduGAIN community, opening doors to an ever-growing catalogue of research and education services. Also, if your organization provides services to the research and education community, Sirtfi compliance will open your services to those institutions who only authenticate with Sirtfi compliant services.

If you’d like to learn more about how Sirtfi can benefit you, please visit: https://refeds.org

If you’d like to begin your application for Sirtfi Compliance, please complete this form: surveymonkey.ca/r/caf-sirtfi

Should you have any questions, please contact us directly at: [email protected]