Advisory for OpenAthens customers using custom SAML resources.
Identified - Institutional customers using custom SAML resources in OpenAthens should be aware of security vulnerabilities in Shibboleth Service Provider software and SimpleSAML Service Provider software which might affect the vendors they are connecting with.

What you need to do: We suggest institutional customers using custom SAML resources in OpenAthens send these links to their vendors and ask them to confirm their Service Provider software is either unaffected or that the vulnerability has been addressed. To find the resources, please go into the admin area and look at the custom tab within the resource catalogue, you only need to concern yourself with the ones that say SAML.

You can find more information here:
https://shibboleth.net/pipermail/announce/2025-March/000337.html
https://simplesamlphp.org/security/202501-01

For the avoidance of doubt: these vulnerabilities do NOT affect the OpenAthens service. Please direct all queries to the vendors for which your institution is using custom SAML resources in OpenAthens.
Mar 18, 2025 - 15:18 GMT
Authentication Point ? Operational
Authentication API ? Operational
Authentication broker ? Operational
Managed Proxy service ? Operational
OpenAthens Federation ? Operational
OpenAthens Keystone ? Operational
Redirector ? Operational
Wayfinder ? Operational
MyAthens user portal ? Operational
Self-registration service ? Operational
Account Administration website ? Operational
Administration API ? Operational
OpenAthens Reporting ? Operational
SP Dashboard ? Operational
Service Desk portal ? Operational
Documentation website ? Operational
Email services ? Operational
Service Desk Telephony Operational
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance
May 17, 2025

No incidents reported today.

May 16, 2025

No incidents reported.

May 15, 2025

No incidents reported.

May 14, 2025

No incidents reported.

May 13, 2025

No incidents reported.

May 12, 2025

No incidents reported.

May 11, 2025

No incidents reported.

May 10, 2025

No incidents reported.

May 9, 2025
Degradation Of Service - SP Dashboard
Resolved - We have released a fix and enabled the save changes button for connections in the service provider dashboard.
May 9, 11:18 BST
Update - We have now disabled the save changes button for connections in the service provider. If you require assistance making any changes please contact the OpenAthens service desk. https://www.openathens.net/support/
May 2, 11:53 BST
Investigating - We’re looking into an issue that’s affecting the following service.

SP Dashboard

Some connection rulesets are showing as disabled where they were enabled before. This is an issue in the user interface and the connections and rulesets are still working despite showing as disabled. Please be aware that if you press the save changes button while it's in the incorrect state, it will still save and therefore your connections may break for customers. In the mean time, we are disabling the save changes button. If you notice any issues with your connections then please contact the OpenAthens service desk https://www.openathens.net/support/
May 2, 10:41 BST
May 8, 2025

No incidents reported.

May 7, 2025

No incidents reported.

May 6, 2025

No incidents reported.

May 5, 2025

No incidents reported.

May 4, 2025

No incidents reported.

May 3, 2025

No incidents reported.

Incident History Powered by Atlassian Statuspage