Hi,
we are going to migrate the Feide SAML service to the same platform as
our other services. We will perform this change Tuesday 16 January at
18:00.
This change affects our SAML login service, running at idp.feide.no.
When we make the change, existing sessions for users will be
interrupted, so users will have to log in again. A few users will also
receive the information screen about attribute transfer to services
again after the migration. Other than this, the change will not have
any user visible impact.
As a result of this change, the IP addresses of idp.feide.no will
change to the following IP addresses:
* 13.48.34.249
* 13.49.91.81
* 13.49.105.9
* 2a05:d016:15b:5a06:1e46:c4a8:af23:9ff5
* 2a05:d016:15b:5a07:769e:3dc3:91e8:1746
* 2a05:d016:15b:5a08:119a:4e53:5a88:5785
If you have any firewalls that restrict outgoing connections, you may
have to update them to allow connections to the new IP addresses.
This change also removes support for an old TLS cipher:
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
This cipher is used by some old versions of Safari. It is already
disabled for services logging in using OpenID connect, so this change
should not affect many users.
The IP addresses that Feide uses to contact the LDAP servers at the
organizations as part of the login process will change, but the new IP
addresses are already in use for other parts of Feide. All
organizations already allow access from the new IP addresses.
The issuer of the certificate for idp.feide.no will change. The
current certificate is issued by Sectigo, while the new certificate
will be issued by Let's Encrypt.
If you have any questions or concerns wrt. this change, please contact
us at: kontakt(a)sikt.no
Best regards,
Olav Morken
Sikt / Feide