Identified - Institutional customers using custom SAML resources in OpenAthens should be aware of security vulnerabilities in Shibboleth Service Provider software and SimpleSAML Service Provider software which might affect the vendors they are connecting with.
What you need to do: We suggest institutional customers using custom SAML resources in OpenAthens send these links to their vendors and ask them to confirm their Service Provider software is either unaffected or that the vulnerability has been addressed. To find the resources, please go into the admin area and look at the custom tab within the resource catalogue. You only need to concern yourself with the ones that say SAML.
For the avoidance of doubt: these vulnerabilities do NOT affect the OpenAthens service. Please direct all queries to the vendors for which your institution is using custom SAML resources in OpenAthens.
Mar 18, 2025 - 15:18 GMT
Resolved -
We have released a fix and enabled the save changes button for connections in the service provider dashboard.
May 9, 11:18 BST
Update -
We have now disabled the save changes button for connections in the service provider. If you require assistance making any changes please contact the OpenAthens service desk. https://www.openathens.net/support/
May 2, 11:53 BST
Investigating -
We’re looking into an issue that’s affecting the following service.
SP Dashboard
Some connection rulesets are showing as disabled where they were enabled before. This is an issue in the user interface, and the connections and rulesets are still working despite showing as disabled. Please be aware that if you press the save changes button while it's in the incorrect state, it will still save and therefore your connections may break for customers. In the meantime, we are disabling the save changes button. If you notice any issues with your connections then please contact the OpenAthens service desk: https://www.openathens.net/support/
May 2, 10:41 BST