We are planning to do an IdP update at 15:00 next Monday. There
should be no user-visible changes due to this update, nor will it
affect the SAML 2.0 messages sent and received by the IdP.
This update will upgrade the Apache and PHP installations on the
servers to newer versions.
The new versions of Apache and PHP have been deployed to
idp-test.feide.no, and can be tested using any test SPs connected to
Feide, e.g. https://sp-test.feide.no/ .
If you have any questions or concerns wrt. this update, please contact
us at moria-support(a)uninett.no.
Best regards,
Olav Morken
UNINETT / Feide
We are planning to do an IdP update at 15:00 next Thursday. There
should be no user-visible changes due to this update, nor will it
affect the SAML 2.0 messages sent and received by the IdP.
This update will add a fix for a user-assisted cross site scripting
vulnerability in simpleSAMLphp.
In addition there is a minor change in the timeout when connecting to
the consent database. (In some rare cases the timeout was not long
enough, which would result in the user unnecessarily being asked for
consent.
We also have a change in the generation of the "feideSchoolList"
attribute, which should make it more lenient towards a common error
in the user directories.
The update will bring us from revision 3000 of simpleSAMLphp to
revision 3009. The full changelog can be viewed here:
http://code.google.com/p/simplesamlphp/source/list?path=/trunk/&start=3009
Only the change for the cross-site scripting problem should have any
effect on the Feide IdP. There are also some changes for properly
handling the "pt-BR" language code, but that language is not enabled.
The update has been deployed on idp-test.feide.no, and can be tested
using any test SPs connected to Feide, e.g. https://sp-test.feide.no/ .
If you have any questions or concerns wrt. this update, please contact
us at moria-support(a)uninett.no.
Best regards,
Olav Morken
UNINETT / Feide