Single Logout (SLO) is a feature that allows a user to terminate multiple authentication sessions by performing a single logout action. Implementing SLO is often a challenge in an environment where different organizations operate the identity provider (IdP) and service providers (SP) and have different requirements for what happens on a logout. Browser-mediated SLO is inherently brittle, because it requires all messaging to go through the browser and for the SP and IdP to be aligned. Unless the policies of the organizations that run the IdP and SP are aligned, SLO doesn’t work.
Recently, the Canadian Access Federation sent emails to Cirrus Identity Bridge customers with a registered Cirrus Bridge Identity Provider in the Canadian Access Federation (CAF) to call attention to the release of Shibboleth Version 5. See an example of the emails below.
Meta, formerly known as Facebook, has implemented a verification program designed to demonstrate that you’re connected to your business. Cirrus Proxy customers who have implemented the Facebook integration have received notification that you need to verify your business, but not all verification options work for edu domains.
Congratulations! You are live with your Cirrus Bridge. Now that you are operational, here are a few suggested best practices from the Cirrus Team.
In November 2023, InCommon introduced a new metadata health feature for the federation. This helps ensure accuracy of certain information provided in the metadata that can get stale over time like contacts, URLs (Privacy Statement, Logo, Error), and TLS endpoints. Below are some answers to common questions you may have about the metadata health feature.
Stakeholder communication is essential to ensure any implementation of new technology is successful. For customers implementing the Cirrus Bridge it is no different. In many cases, customers are retiring an existing Shibboleth service that has been running for decades and provided faculty, students, and staff access to hundreds of Service Providers. Working with many customers, Cirrus has identified that a good communication plan is essential at the beginning of each implementation.
Cirrus Identity is excited to share our External Login Solution video!
New Cirrus Bridge customers frequently ask, “Why does a Cirrus Bridge need read-only API access?” The following blog post and video address this question.