Hi,
we are going to migrate the Feide SAML service to the same platform as our other services. We will perform this change Tuesday 16 January at 18:00.
This change affects our SAML login service, running at idp.feide.no.
When we make the change, existing sessions for users will be interrupted, so users will have to log in again. A few users will also receive the information screen about attribute transfer to services again after the migration. Other than this, the change will not have any user visible impact.
As a result of this change, the IP addresses of idp.feide.no will change to the following IP addresses:
* 13.48.34.249 * 13.49.91.81 * 13.49.105.9 * 2a05:d016:15b:5a06:1e46:c4a8:af23:9ff5 * 2a05:d016:15b:5a07:769e:3dc3:91e8:1746 * 2a05:d016:15b:5a08:119a:4e53:5a88:5785
If you have any firewalls that restrict outgoing connections, you may have to update them to allow connections to the new IP addresses.
This change also removes support for an old TLS cipher:
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
This cipher is used by some old versions of Safari. It is already disabled for services logging in using OpenID connect, so this change should not affect many users.
The IP addresses that Feide uses to contact the LDAP servers at the organizations as part of the login process will change, but the new IP addresses are already in use for other parts of Feide. All organizations already allow access from the new IP addresses.
The issuer of the certificate for idp.feide.no will change. The current certificate is issued by Sectigo, while the new certificate will be issued by Let's Encrypt.
If you have any questions or concerns wrt. this change, please contact us at: kontakt@sikt.no
Best regards, Olav Morken Sikt / Feide
Hi,
the migration has been completed.
If you experience any problems, please contact us at kontakt@sikt.no.
Best regards, Olav Morken Sikt / Feide ________________________________ From: Olav Morken Sent: Monday, January 8, 2024 14:59 To: updates@feide.no updates@feide.no Subject: Migration of Feide SAML service Tuesday 16 January at 18:00
Hi,
we are going to migrate the Feide SAML service to the same platform as our other services. We will perform this change Tuesday 16 January at 18:00.
This change affects our SAML login service, running at idp.feide.no.
When we make the change, existing sessions for users will be interrupted, so users will have to log in again. A few users will also receive the information screen about attribute transfer to services again after the migration. Other than this, the change will not have any user visible impact.
As a result of this change, the IP addresses of idp.feide.no will change to the following IP addresses:
* 13.48.34.249 * 13.49.91.81 * 13.49.105.9 * 2a05:d016:15b:5a06:1e46:c4a8:af23:9ff5 * 2a05:d016:15b:5a07:769e:3dc3:91e8:1746 * 2a05:d016:15b:5a08:119a:4e53:5a88:5785
If you have any firewalls that restrict outgoing connections, you may have to update them to allow connections to the new IP addresses.
This change also removes support for an old TLS cipher:
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
This cipher is used by some old versions of Safari. It is already disabled for services logging in using OpenID connect, so this change should not affect many users.
The IP addresses that Feide uses to contact the LDAP servers at the organizations as part of the login process will change, but the new IP addresses are already in use for other parts of Feide. All organizations already allow access from the new IP addresses.
The issuer of the certificate for idp.feide.no will change. The current certificate is issued by Sectigo, while the new certificate will be issued by Let's Encrypt.
If you have any questions or concerns wrt. this change, please contact us at: kontakt@sikt.no
Best regards, Olav Morken Sikt / Feide
-
Olav Morken