Shibboleth Service Provider Version 3.1.0 Released

Dear customers,

On April 13 2020, Shibboleth Service Provider (SP) was released [1].

This version mainly addresses issues caused by the SameSite settings in Google Chrome, as we have informed you in our email from February 10, 2020 and [2]. The new features will allow for a more precise control of cookies which usually is not necessary in the default setting of the SP. Additional new features are:

• Possibility to deactivate logins initiated by the IdP
• Multiple values can now be separated with any character (instead of just “;”)
• URLs in the SP can be further restricted after login

We have tested the new SP and have concluded SPs in their pre-existing configuration do not behave any differently after the update. Hence, we recommend to install the new version. It is available for RPM-based Linux distributions as well as for Windows. We expect the repository soon to be available for Ubuntu 18, and Debian 9 and 10 via SWITCH, too.

If you commissioned DAASI International to operate your SP infrastructure, we will test and install the update shortly, as part of the support contract. Alternatively, it is also possible to use available helpdesk contingent to potentially adjust configurations, test and install the update.

Kind regards,

DAASI International Support Team

[1]: https://wiki.shibboleth.net/confluence/display/SP3/ReleaseNotes
[2]: https://listserv.aai.dfn.de/pipermail/aai-users/2020-February/000811.html