Shibboleth
Shibboleth Virtual Working Group Meeting, May 20th, 1:30 EDT
IAM Online is sponsoring a set of "virtual" working group meetings for
various IAM projects and activities to update the community. Shibboleth is
one of the projects providing an update, so the community is welcome to
attend.
Agendas and connection information for the meetings can be found here:
https://spaces.internet2.edu/x/NYBHAg
The Shibboleth portion is scheduled for next Monday, May 20th, at 1:30 -
2:45 EDT. I would expect we'll have ample time for questions. Feel free to
submit any questions you might like to see covered to our
[hidden email] address ahead of time as well.
Hope you can attend.
-- Scott
--
To unsubscribe from this list send an email to [hidden email]
various IAM projects and activities to update the community. Shibboleth is
one of the projects providing an update, so the community is welcome to
attend.
Agendas and connection information for the meetings can be found here:
https://spaces.internet2.edu/x/NYBHAg
The Shibboleth portion is scheduled for next Monday, May 20th, at 1:30 -
2:45 EDT. I would expect we'll have ample time for questions. Feel free to
submit any questions you might like to see covered to our
[hidden email] address ahead of time as well.
Hope you can attend.
-- Scott
--
To unsubscribe from this list send an email to [hidden email]
Categories: Shibboleth
Shibboleth issue tracker down for maintenance Fri Apr 26 4pm EDT
I will be updating the Jira instance at issues.shibboleth.net this
afternoon at 4pm EDT, with downtime expected in the area of an hour.
-- Scott
--
To unsubscribe from this list send an email to [hidden email]
afternoon at 4pm EDT, with downtime expected in the area of an hour.
-- Scott
--
To unsubscribe from this list send an email to [hidden email]
Categories: Shibboleth
Windows Installer for 2.4.0 Identity Provider available
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
The Windows Installer (MSI) for the 2.4.0 Identity Provider release
is now available from the download site:
http://shibboleth.net/downloads/identity-provider/latest/
== Scott
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Darwin)
iQIcBAEBCgAGBQJRctIhAAoJEDeLhFQCJ3livVMP/06eqUFd+/jlj81KqEanc1Ja
zTnj4dcfR7+hTeh5L5NuQQBw69MbuCcM5P66APw0fI8fLQHdQPMRJjcrrnPL9+iv
oIa9Xw7J/NTWu3rF/6QjIty5bc5NFadCJO7iwWh2UnXzSKuvz9Gt8Fk7HHpZWOFP
IUWexj2aJ8LkUmnvPoPiT737BApRM0sHULI79qhqTyYJBBuVSbvqM5gO0QEg2tjw
XekqwY7iHAzCheRlGdokmCsBoRnZ33rgTPi7MTwDeYMQ6iDi2t6BsjkRY0yApA1M
AB89wEr4M+CokGxdHRkmQwod+a21dhQDz+V/3ofSxxiB5wzVrhq5t6Dtfry/gYW7
YA2VV150sqOXcZQ6ry5yqtbvk16W0a/6axRK8ztXvnEPobPqyZuoq+FBL10T9xLW
nHrCwcUt6nLWSlj9n1/glIdEs0gJoK/pY+lcbqaFjLM6EfjAGH3QA8/cMofdSyjg
C3Qk1YRuLU8juNnbTRNv6tqufN4eg6Efv/9tXG7uhk7/nANdrR3P9Id/3C93qIjz
tzGRTfd9CeZDV61mpvzDztSA9ez+S8a5u9w7ygz625SdxGDH8oOlmsxeOz9Gz6/V
nOkzMTDlfrD+NQgHnfcxVJXfMkgQ/3YLk+WTsjsNOOBESs7ndglr97ZnT0V10VZD
jWWoFogfxH3nOeca9YKb
=hj7o
-----END PGP SIGNATURE-----
--
To unsubscribe from this list send an email to [hidden email]
Hash: SHA512
The Windows Installer (MSI) for the 2.4.0 Identity Provider release
is now available from the download site:
http://shibboleth.net/downloads/identity-provider/latest/
== Scott
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Darwin)
iQIcBAEBCgAGBQJRctIhAAoJEDeLhFQCJ3livVMP/06eqUFd+/jlj81KqEanc1Ja
zTnj4dcfR7+hTeh5L5NuQQBw69MbuCcM5P66APw0fI8fLQHdQPMRJjcrrnPL9+iv
oIa9Xw7J/NTWu3rF/6QjIty5bc5NFadCJO7iwWh2UnXzSKuvz9Gt8Fk7HHpZWOFP
IUWexj2aJ8LkUmnvPoPiT737BApRM0sHULI79qhqTyYJBBuVSbvqM5gO0QEg2tjw
XekqwY7iHAzCheRlGdokmCsBoRnZ33rgTPi7MTwDeYMQ6iDi2t6BsjkRY0yApA1M
AB89wEr4M+CokGxdHRkmQwod+a21dhQDz+V/3ofSxxiB5wzVrhq5t6Dtfry/gYW7
YA2VV150sqOXcZQ6ry5yqtbvk16W0a/6axRK8ztXvnEPobPqyZuoq+FBL10T9xLW
nHrCwcUt6nLWSlj9n1/glIdEs0gJoK/pY+lcbqaFjLM6EfjAGH3QA8/cMofdSyjg
C3Qk1YRuLU8juNnbTRNv6tqufN4eg6Efv/9tXG7uhk7/nANdrR3P9Id/3C93qIjz
tzGRTfd9CeZDV61mpvzDztSA9ez+S8a5u9w7ygz625SdxGDH8oOlmsxeOz9Gz6/V
nOkzMTDlfrD+NQgHnfcxVJXfMkgQ/3YLk+WTsjsNOOBESs7ndglr97ZnT0V10VZD
jWWoFogfxH3nOeca9YKb
=hj7o
-----END PGP SIGNATURE-----
--
To unsubscribe from this list send an email to [hidden email]
Categories: Shibboleth
XmlSecTool V1.2.0 is available
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
The Shibboleth Project is pleased to announce the release of
V1.2.0 of the XML Security Tool (XmlSecTool) utility.
This release adds the ability to sign XML documents using
stronger digest functions than the default SHA-1, and to
reject signatures made using weak digest functions.
By default, this release of XmlSecTool rejects signatures
made using the MD5 digest function, which is now regarded
as unsafe.
A number of other features and bug fixes are included in this
release; a complete list of issues addressed can be found at:
https://issues.shibboleth.net/jira/issues/?filter=10273
The online documentation for XmlSecTool has been greatly enhanced
to cover a number of the new features in detail:
https://wiki.shibboleth.net/confluence/display/SHIB2/XmlSecTool
Thank you to all of the community members who reported issues
and helped test this release.
-- Ian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJRbwDUAAoJEJqATpfXB5x3Vm0QAJ1sfPOdYm/Gi7TJtIYlQa1Q
Ls6iHi/0QWk2YKIAIts7OMHHNmCRL3BXsYxwQCsOLQXxqpC/s/d7mS4CgJ8l+wor
A64KYqOXCEvjp6ZuDqw1gdOhgQomKnfbWa+mlx5QwmTss4dPiggtMVXqSBIVzdOt
4Fad9K99LPGQ1hXJSN/VejSUWsuM1EuulGEoD+nk4z07vK8uDynWLRxO4Bzqvqbw
hd/qNJRVlqaaYyKoi6SR2yJifD7P+NfIpeXs351nwcjw4oP1bUmP+adgZ2k3hnrh
/izvL4hSNYfAx6dKinspNA8T3Sz/UTYUaIvAczlU7va6T3XItVHn5FXYvV7gaH3Y
Y3HlZKja+O1A50p0k7+dFc6Wq93gbjpzBvzjpEbHonFHuclSdTOcwX13VKBNFxf/
rMqQgjClxPTs4b8fPhCIALuTbBD5K2j2SaC4gtlsFaMJhDfBrNLpKYWyYQGg7/Z3
okgoSVcKg+NaXJjCM8FOro3ETcz0h9dp46DN9iuPyVl8fFHlxP2gEKvNWWv2C17b
SfgHAJvv0HxPCQC7PE+3Z6XX2zfcGf/B/ZPcm2tKY0TC2NHgJlUSESH98cz9vDar
K0WDtbiiBwjULnW/RGg4k707FMWXkCIep/UR84OlWcaEVCgxQiNvUDFdI1O6KGuy
VhXQd4f14g9wv5wfZRzH
=G52W
-----END PGP SIGNATURE-----
--
To unsubscribe from this list send an email to [hidden email]
Hash: SHA256
The Shibboleth Project is pleased to announce the release of
V1.2.0 of the XML Security Tool (XmlSecTool) utility.
This release adds the ability to sign XML documents using
stronger digest functions than the default SHA-1, and to
reject signatures made using weak digest functions.
By default, this release of XmlSecTool rejects signatures
made using the MD5 digest function, which is now regarded
as unsafe.
A number of other features and bug fixes are included in this
release; a complete list of issues addressed can be found at:
https://issues.shibboleth.net/jira/issues/?filter=10273
The online documentation for XmlSecTool has been greatly enhanced
to cover a number of the new features in detail:
https://wiki.shibboleth.net/confluence/display/SHIB2/XmlSecTool
Thank you to all of the community members who reported issues
and helped test this release.
-- Ian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJRbwDUAAoJEJqATpfXB5x3Vm0QAJ1sfPOdYm/Gi7TJtIYlQa1Q
Ls6iHi/0QWk2YKIAIts7OMHHNmCRL3BXsYxwQCsOLQXxqpC/s/d7mS4CgJ8l+wor
A64KYqOXCEvjp6ZuDqw1gdOhgQomKnfbWa+mlx5QwmTss4dPiggtMVXqSBIVzdOt
4Fad9K99LPGQ1hXJSN/VejSUWsuM1EuulGEoD+nk4z07vK8uDynWLRxO4Bzqvqbw
hd/qNJRVlqaaYyKoi6SR2yJifD7P+NfIpeXs351nwcjw4oP1bUmP+adgZ2k3hnrh
/izvL4hSNYfAx6dKinspNA8T3Sz/UTYUaIvAczlU7va6T3XItVHn5FXYvV7gaH3Y
Y3HlZKja+O1A50p0k7+dFc6Wq93gbjpzBvzjpEbHonFHuclSdTOcwX13VKBNFxf/
rMqQgjClxPTs4b8fPhCIALuTbBD5K2j2SaC4gtlsFaMJhDfBrNLpKYWyYQGg7/Z3
okgoSVcKg+NaXJjCM8FOro3ETcz0h9dp46DN9iuPyVl8fFHlxP2gEKvNWWv2C17b
SfgHAJvv0HxPCQC7PE+3Z6XX2zfcGf/B/ZPcm2tKY0TC2NHgJlUSESH98cz9vDar
K0WDtbiiBwjULnW/RGg4k707FMWXkCIep/UR84OlWcaEVCgxQiNvUDFdI1O6KGuy
VhXQd4f14g9wv5wfZRzH
=G52W
-----END PGP SIGNATURE-----
--
To unsubscribe from this list send an email to [hidden email]
Categories: Shibboleth
Shibboleth Identity Provider Security Advisory 20130417a: Metadata Provider HTTPS Hostname Verification
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Shibboleth Security Advisory [ 17 April 2013 ]
Identity Provider HTTPS Connections With HTTP-based Metadata Providers
Do Not Perform Hostname Verification
=======================================================================
The HTTPMetadataProvider and FileBackedHTTPMetadataProvider implementations
in the IdP make use of the Jakarta Commons HttpClient version 3.x. When
used with an HTTPS scheme, HttpClient by default does not perform
verification of the server hostname against the server's X.509 certificate.
The lack of hostname verification means that while the connection between
the IdP and HTTPS server is encrypted, the IdP has no way to verify
it's actually communicating with the appropriate HTTPS server hosting
the metadata.
Affected Versions
=================
Versions of the Identity Provider < 2.4.0
Note that if the remote metadata being retrieved with the provider is
signed using an XML signature by the metadata publisher or source, and
the provider is properly configured to validate this metadata signature,
then this issue has greatly reduced practical significance. In this case,
the use of HTTPS is unnecessary for authentication of the metadata source,
and any issues such as this concerning transport layer security, such as
certificate trust evaluation and hostname verification, are largely irrelevant.
Recommendations
===============
Upgrade to IdP 2.4.0 or greater, which configures an appropriate hostname
verifier for use with HttpClient, or publish and consume only signed
metadata along with appropriately-configured signature validation within
the metadata provider.
Note that in v2.4.0 and above, use of the provider configuration
option 'disregardSslCertificate' will disable hostname
verification as well as TLS certificate trust evaluation.
Credits
=======
Takeshi Nishimura, National Institute of Informatics, Japan
URL for this Security Advisory
http://shibboleth.net/community/advisories/secadv_20130417a.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iEYEAREKAAYFAlFu5h8ACgkQTTdwW2HLCz8bNgCeMM5kH4BpCrr9y4zA8n1Akhbu
wv0AnA0ICKUJTQZpxeKjlrYZZTB5chGd
=ZlL2
-----END PGP SIGNATURE-----
--
To unsubscribe from this list send an email to [hidden email]
Hash: SHA512
Shibboleth Security Advisory [ 17 April 2013 ]
Identity Provider HTTPS Connections With HTTP-based Metadata Providers
Do Not Perform Hostname Verification
=======================================================================
The HTTPMetadataProvider and FileBackedHTTPMetadataProvider implementations
in the IdP make use of the Jakarta Commons HttpClient version 3.x. When
used with an HTTPS scheme, HttpClient by default does not perform
verification of the server hostname against the server's X.509 certificate.
The lack of hostname verification means that while the connection between
the IdP and HTTPS server is encrypted, the IdP has no way to verify
it's actually communicating with the appropriate HTTPS server hosting
the metadata.
Affected Versions
=================
Versions of the Identity Provider < 2.4.0
Note that if the remote metadata being retrieved with the provider is
signed using an XML signature by the metadata publisher or source, and
the provider is properly configured to validate this metadata signature,
then this issue has greatly reduced practical significance. In this case,
the use of HTTPS is unnecessary for authentication of the metadata source,
and any issues such as this concerning transport layer security, such as
certificate trust evaluation and hostname verification, are largely irrelevant.
Recommendations
===============
Upgrade to IdP 2.4.0 or greater, which configures an appropriate hostname
verifier for use with HttpClient, or publish and consume only signed
metadata along with appropriately-configured signature validation within
the metadata provider.
Note that in v2.4.0 and above, use of the provider configuration
option 'disregardSslCertificate' will disable hostname
verification as well as TLS certificate trust evaluation.
Credits
=======
Takeshi Nishimura, National Institute of Informatics, Japan
URL for this Security Advisory
http://shibboleth.net/community/advisories/secadv_20130417a.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iEYEAREKAAYFAlFu5h8ACgkQTTdwW2HLCz8bNgCeMM5kH4BpCrr9y4zA8n1Akhbu
wv0AnA0ICKUJTQZpxeKjlrYZZTB5chGd
=ZlL2
-----END PGP SIGNATURE-----
--
To unsubscribe from this list send an email to [hidden email]
Categories: Shibboleth
Shibboleth Identity Provider Security Advisory 20130417: Metadata Provider 'disregardSslCertificate' Option
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Shibboleth Security Advisory [ 17 April 2013 ]
Identity Provider HTTPS Connections In Metadata Providers May Exhibit
Unexpected Behavior When Used With The 'disregardSslCertificate' Option
=======================================================================
The HTTPMetadataProvider and FileBackedHTTPMetadataProvider implementations
in the IdP support a configuration option 'disregardSslCertificate' to
disable TLS certificate trust evaluation when the provider is configured
with a URL containing an HTTPS scheme. It was discovered that, due to
limitations of the Jakara Commons HttpClient 3.x API, this option has a
global effect on all metadata providers configured with URLs having an HTTPS
scheme.
This will result in unintended behavior of the provider with respect to
TLS certificate trust evaluation if there are multiple metadata providers
defined in relying-party.xml with HTTPS schemes and mixed usage of the
'disregardSslCertificate' option amongst them (meaning some providers
have an effective value of 'disregardSslCertificate=true' and some have
an effective value of 'disregardSslCertificate=false').
The exact undesired behavior will vary with IdP version. For versions up
to and including 2.3.8, all HTTPS providers will have certificate trust
evaluation disabled if there is at least one provider with
'disregardSslCertificate=true'. For versions 2.4.0 and greater, the effective
setting of 'disregardSslCertificate' on the HTTPS provider defined last
in document order within relying-party.xml will determine the setting
in effect for all HTTPS providers.
Affected Versions
=================
All versions of the Identity Provider 2.x
Note that if the remote metadata being retrieved with the provider is
signed using an XML signature by the metadata publisher or source, and
the provider is properly configured to validate this metadata signature,
then this issue has greatly reduced practical significance. In this case,
the use of HTTPS is unnecessary for authentication of the metadata source,
and any issues such as this concerning transport layer security, such as
certificate trust evaluation and hostname verification, are largely irrelevant.
Recommendations
===============
The best remediation is to publish and consume only signed metadata along
with appropriately-configured signature validation within the metadata provider.
Otherwise, all HTTP-based metadata providers which use an HTTPS scheme should be
configured with the same effective setting for 'disregardSslCertificate'.
The consequence is that all HTTPS providers must and will use the same TLS
certificate trust processing behavior as determined by the value of this option.
The Shibboleth developer team recognizes that this requirement is not ideal.
The issue will be fixed in IdP 3.x with a change to use Apache HttpClient 4.x,
whose API does not suffer from the limitations of the (now end-of-life) Jakarta
Commons HttpClient 3.x.
Credits
=======
Brent Putman, Georgetown University
URL for this Security Advisory
http://shibboleth.net/community/advisories/secadv_20130417.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iEYEAREKAAYFAlFu5iIACgkQTTdwW2HLCz9rPQCfbwBk45CCjQ1G9X6KrHZMUkKX
pEkAn0HmngXx5BL6hs6RjlP4x8hFpbuJ
=nGiK
-----END PGP SIGNATURE-----
--
To unsubscribe from this list send an email to [hidden email]
Hash: SHA512
Shibboleth Security Advisory [ 17 April 2013 ]
Identity Provider HTTPS Connections In Metadata Providers May Exhibit
Unexpected Behavior When Used With The 'disregardSslCertificate' Option
=======================================================================
The HTTPMetadataProvider and FileBackedHTTPMetadataProvider implementations
in the IdP support a configuration option 'disregardSslCertificate' to
disable TLS certificate trust evaluation when the provider is configured
with a URL containing an HTTPS scheme. It was discovered that, due to
limitations of the Jakara Commons HttpClient 3.x API, this option has a
global effect on all metadata providers configured with URLs having an HTTPS
scheme.
This will result in unintended behavior of the provider with respect to
TLS certificate trust evaluation if there are multiple metadata providers
defined in relying-party.xml with HTTPS schemes and mixed usage of the
'disregardSslCertificate' option amongst them (meaning some providers
have an effective value of 'disregardSslCertificate=true' and some have
an effective value of 'disregardSslCertificate=false').
The exact undesired behavior will vary with IdP version. For versions up
to and including 2.3.8, all HTTPS providers will have certificate trust
evaluation disabled if there is at least one provider with
'disregardSslCertificate=true'. For versions 2.4.0 and greater, the effective
setting of 'disregardSslCertificate' on the HTTPS provider defined last
in document order within relying-party.xml will determine the setting
in effect for all HTTPS providers.
Affected Versions
=================
All versions of the Identity Provider 2.x
Note that if the remote metadata being retrieved with the provider is
signed using an XML signature by the metadata publisher or source, and
the provider is properly configured to validate this metadata signature,
then this issue has greatly reduced practical significance. In this case,
the use of HTTPS is unnecessary for authentication of the metadata source,
and any issues such as this concerning transport layer security, such as
certificate trust evaluation and hostname verification, are largely irrelevant.
Recommendations
===============
The best remediation is to publish and consume only signed metadata along
with appropriately-configured signature validation within the metadata provider.
Otherwise, all HTTP-based metadata providers which use an HTTPS scheme should be
configured with the same effective setting for 'disregardSslCertificate'.
The consequence is that all HTTPS providers must and will use the same TLS
certificate trust processing behavior as determined by the value of this option.
The Shibboleth developer team recognizes that this requirement is not ideal.
The issue will be fixed in IdP 3.x with a change to use Apache HttpClient 4.x,
whose API does not suffer from the limitations of the (now end-of-life) Jakarta
Commons HttpClient 3.x.
Credits
=======
Brent Putman, Georgetown University
URL for this Security Advisory
http://shibboleth.net/community/advisories/secadv_20130417.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iEYEAREKAAYFAlFu5iIACgkQTTdwW2HLCz9rPQCfbwBk45CCjQ1G9X6KrHZMUkKX
pEkAn0HmngXx5BL6hs6RjlP4x8hFpbuJ
=nGiK
-----END PGP SIGNATURE-----
--
To unsubscribe from this list send an email to [hidden email]
Categories: Shibboleth
Shibboleth Identity Provider V2.4.0 is available
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
The Shibboleth Project is pleased to announce the release of the
V2.4.0 Identity Provider software. This is expected to be the last
minor release of the 2.x Identity Provider software and was done to
address a number of open bugs and feature requests because of the
delays in the V3.0 work.
A complete list of issues addressed can be found at:
https://issues.shibboleth.net/jira/issues/?filter=10272
For important information relevant to upgrades, see:
https://wiki.shibboleth.net/confluence/x/koG3
Thank you to all of the testers and community members who reported
issues and helped to supply bug and feature patches for this release.
== Scott
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Darwin)
iQIcBAEBCgAGBQJRbskRAAoJEDeLhFQCJ3liqNcP/1gB/1vXsDC11owNdwSQNiLM
uTUh7muTxoM4sr+WcwhxFbJO94gFs1laYhv+Rmp4OkuTA4iBY01GGnpd6C1zhWJd
ZLxI1Kjl0axCl30Sup1wWHwWvoOT92EKBVFfWvPzYqsBX5AkHHZBtGCTI6N2gFnQ
RkbNUozyPNf1VJKIBrJdj5UtF8Ig6e8kQaqbn1jUOaon7I94JDdE9ISyZ5LGveem
4firPP1JszlZpoQFqXaoY7DHegBLQ+AaWcUoNHzqjRqgNYEzZK6vgyijt9r2T7hm
ZVzNpklDI0voiOgwgR/p6ls1lZlfeyVW3vlT8OW1z9eGyBOuuSE5qwK2Uw4e5KTT
Qxw9Fnc4YfngpGdWWQmofU44xixmmm6ABmlcJ26RDQ0bwsIzknIyjQZhBlO/T0pv
4FjkuzjSfmHsc3On4BnTtqNS3VdOYJ9EESengMMNwZLuCwxOMNsSuKlZbFrK39t0
D6ENfv+C8siMczMPK2k++RG9OdupDUnJTrZN0KXOykAPtZAqC1MnBU1JpE9ZFAo9
smm3D+jSchWtF3W2Y/Sb+8d4M4olC71EwK8FptwcU7s0BDy4Dr/MX9Fs+wTWgubh
wLG3pEj9i+yfHRHJlGj+pVsXw0kjx+hC6DbNHXCxJNfS2IjR3uSYYJ2KUAJ4rEqK
FfArJUfZTZA1fPLtHjfR
=kZoH
-----END PGP SIGNATURE-----
--
To unsubscribe from this list send an email to [hidden email]
Hash: SHA512
The Shibboleth Project is pleased to announce the release of the
V2.4.0 Identity Provider software. This is expected to be the last
minor release of the 2.x Identity Provider software and was done to
address a number of open bugs and feature requests because of the
delays in the V3.0 work.
A complete list of issues addressed can be found at:
https://issues.shibboleth.net/jira/issues/?filter=10272
For important information relevant to upgrades, see:
https://wiki.shibboleth.net/confluence/x/koG3
Thank you to all of the testers and community members who reported
issues and helped to supply bug and feature patches for this release.
== Scott
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Darwin)
iQIcBAEBCgAGBQJRbskRAAoJEDeLhFQCJ3liqNcP/1gB/1vXsDC11owNdwSQNiLM
uTUh7muTxoM4sr+WcwhxFbJO94gFs1laYhv+Rmp4OkuTA4iBY01GGnpd6C1zhWJd
ZLxI1Kjl0axCl30Sup1wWHwWvoOT92EKBVFfWvPzYqsBX5AkHHZBtGCTI6N2gFnQ
RkbNUozyPNf1VJKIBrJdj5UtF8Ig6e8kQaqbn1jUOaon7I94JDdE9ISyZ5LGveem
4firPP1JszlZpoQFqXaoY7DHegBLQ+AaWcUoNHzqjRqgNYEzZK6vgyijt9r2T7hm
ZVzNpklDI0voiOgwgR/p6ls1lZlfeyVW3vlT8OW1z9eGyBOuuSE5qwK2Uw4e5KTT
Qxw9Fnc4YfngpGdWWQmofU44xixmmm6ABmlcJ26RDQ0bwsIzknIyjQZhBlO/T0pv
4FjkuzjSfmHsc3On4BnTtqNS3VdOYJ9EESengMMNwZLuCwxOMNsSuKlZbFrK39t0
D6ENfv+C8siMczMPK2k++RG9OdupDUnJTrZN0KXOykAPtZAqC1MnBU1JpE9ZFAo9
smm3D+jSchWtF3W2Y/Sb+8d4M4olC71EwK8FptwcU7s0BDy4Dr/MX9Fs+wTWgubh
wLG3pEj9i+yfHRHJlGj+pVsXw0kjx+hC6DbNHXCxJNfS2IjR3uSYYJ2KUAJ4rEqK
FfArJUfZTZA1fPLtHjfR
=kZoH
-----END PGP SIGNATURE-----
--
To unsubscribe from this list send an email to [hidden email]
Categories: Shibboleth
OpenSAML Java 2.6.0 Released
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
OpenSAML Java 2.6.0 has been released and is available
in the usual place[1].
This is a minor version release.
A full list of changes can be viewed via the Jira filter
associated with this release[2].
[1] http://shibboleth.net/downloads/java-opensaml/latest
[2] https://issues.shibboleth.net/jira/issues/?filter=10271
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlFl3ooACgkQTTdwW2HLCz+zqgCcCsfcHIQ6u58Il3gmu493etOy
+pMAn3Wbk9Q0B2qUVfqhDMr7bMVYkjbm
=Ogib
-----END PGP SIGNATURE-----
--
To unsubscribe from this list send an email to [hidden email]
Hash: SHA1
OpenSAML Java 2.6.0 has been released and is available
in the usual place[1].
This is a minor version release.
A full list of changes can be viewed via the Jira filter
associated with this release[2].
[1] http://shibboleth.net/downloads/java-opensaml/latest
[2] https://issues.shibboleth.net/jira/issues/?filter=10271
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlFl3ooACgkQTTdwW2HLCz+zqgCcCsfcHIQ6u58Il3gmu493etOy
+pMAn3Wbk9Q0B2qUVfqhDMr7bMVYkjbm
=Ogib
-----END PGP SIGNATURE-----
--
To unsubscribe from this list send an email to [hidden email]
Categories: Shibboleth
shibboleth.net downtime Fri Mar 8 9pm EST
I will be patching and rebooting the shibboleth.net server this evening
around 9pm EST so the various services will be unavailable for a few
minutes. I will be updating Java versions for some of the services as
well, which may cause some additional downtime of individual services if I
run into problems.
-- Scott
--
To unsubscribe from this list send an email to [hidden email]
smime.p7s (7K) Download Attachment
around 9pm EST so the various services will be unavailable for a few
minutes. I will be updating Java versions for some of the services as
well, which may cause some additional downtime of individual services if I
run into problems.
-- Scott
--
To unsubscribe from this list send an email to [hidden email]
smime.p7s (7K) Download Attachment
Categories: Shibboleth
