AUSTRALIAN ACCESS FEDERATION

AAF Support

The AAF Support desk is monitored Monday to Friday 8am – 4pm AEST | [email protected]

AAF Notifications

Security Alert: urgent update required

A Shibboleth SP vulnerability has been confirmed in the OpenSAML libraries affecting non-XML signature features in the Redirect and POST-SimpleSign bindings. This flaw exposes Shibboleth SP to critical SSO forgery/impersonation attacks.   

If you use RapidConnect or OpenID Connect (OIDC) for your AAF service, you are not affected by this vulnerability.  
 

Affected versions of Shibboleth SP: 3.5 or older 

Recommendation 

Linux users:   

  • The upgrade is typically done using your package manager, for example yum update opensaml or yum update shibboleth. The shibd process will require a restart after the upgrade.

  • The OpenSAML version should be emitted in the shibd logs (it should be at least 3.3.1 to indicate the fix is applied), e.g.
    2025-03-16 11:30:44 INFO OpenSAML.Config : opensaml 3.3.1 library initialization complete  
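
The log check described above can be scripted. The following is an added example, not AAF or Shibboleth project code: it reads the most recent OpenSAML initialization line from a shibd log and compares the version numerically against 3.3.1, so that a version such as 3.10.0 is not misjudged by a plain string comparison. The function names, the 3.2.1 sample line and the log path in the final comment are assumptions.

```shell
#!/bin/sh
# Minimum OpenSAML version the alert gives as indicating the fix.
MIN_OPENSAML="3.3.1"

# Print the version from the most recent OpenSAML initialization line on stdin.
latest_opensaml_version() {
    sed -n 's/.*OpenSAML\.Config : opensaml \([0-9][0-9.]*\) library initialization complete.*/\1/p' | tail -n 1
}

# Return 0 if dotted version $1 >= $2, comparing numerically field by field.
version_at_least() {
    awk -v have="$1" -v want="$2" 'BEGIN {
        n = split(have, h, "."); m = split(want, w, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            a = (i <= n) ? h[i] + 0 : 0
            b = (i <= m) ? w[i] + 0 : 0
            if (a > b) exit 0
            if (a < b) exit 1
        }
        exit 0
    }'
}

# Read a shibd log on stdin: 0 = fixed, 1 = older than the fix, 2 = no init line.
check_shibd_log() {
    ver=$(latest_opensaml_version)
    if [ -z "$ver" ]; then
        echo "UNKNOWN: no OpenSAML initialization line found"; return 2
    fi
    if version_at_least "$ver" "$MIN_OPENSAML"; then
        echo "OK: opensaml $ver"; return 0
    fi
    echo "VULNERABLE: opensaml $ver is older than $MIN_OPENSAML"; return 1
}

# Constructed sample: a start before the upgrade (constructed 3.2.1 line),
# then the restart line quoted in the alert.
SAMPLE_LOG='2025-03-15 09:12:01 INFO OpenSAML.Config : opensaml 3.2.1 library initialization complete
2025-03-16 11:30:44 INFO OpenSAML.Config : opensaml 3.3.1 library initialization complete'

printf '%s\n' "$SAMPLE_LOG" | check_shibd_log
# Real use (path is an assumption): check_shibd_log < /var/log/shibboleth/shibd.log
```

Only the last initialization line counts, because earlier lines in the same log may predate the upgrade and the shibd restart.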

Windows users: 

  • Upgrade Shibboleth SP to 3.5.0.1 or newer  

Should you experience any difficulties, please contact AAF Support 
  
Email: [email protected] | Web: support.aaf.edu.au 


AAF Updates

Current events underway within the AAF and the ORCID Consortium


Shibboleth V5

Time to start planning your Shibboleth IdP upgrade. The current stable release of the Identity Provider is V5.1.2 and the previous stable release is V4.3.3

For users of AAF's RapidIdP hosted IdP solution there is nothing to do; the AAF will upgrade your IdP with zero downtime. Click here for more information about RapidIdP.

We will be in contact with all non-RapidIdP subscribers to discuss your upgrade plans. 

The Shibboleth IdP V4 software will leave support on September 1, 2024. 

If you have any questions or would like assistance upgrading your IdP please contact us at [email protected].

AAF Compliance 2025

 

As you prepare for compliance, please note some important changes to the Federation Rules. 

 

Two new attributes, SAMLSubjectID and SAMLPairwiseID, have been added to the AAF core attributes, see Federation Rules, APPENDIX 1 CORE ATTRIBUTES.  

 

Both attributes will be used as future replacements for both the eduPersonTargetedID and auEduPersonSharedToken. These will be provided to members as part of the Shibboleth V5 upgrade later in 2024. More information will be provided soon regarding this upgrade.  
 

The eduPersonAssurance value is also changing to align with the values defined in the REFEDS Assurance Framework version 2.0. 

 

You are not expected to have these attributes in place for this Compliance round; however, we do require IdPs to have these attributes in place by June 2025.


If you need assistance or have any questions, please contact [email protected]

 


Newsletter Sign-up

To receive regular updates from AAF:
Add Me to the General List or Add Me to the Technical List or Add Me to the ORCID mailing list