OpenAthens incident
Advisory for OpenAthens customers using custom SAML resources.
OpenAthens experienced a notice-level incident on March 18, 2025 affecting the OpenAthens Compass dashboard, lasting 86d 3h. The incident has been resolved; the full update timeline is below.
Affected components
Update timeline
- identified Mar 18, 2025, 03:18 PM UTC
Institutional customers using custom SAML resources in OpenAthens should be aware of security vulnerabilities in Shibboleth Service Provider software and SimpleSAML Service Provider software which might affect the vendors they are connecting with.

What you need to do: We suggest institutional customers using custom SAML resources in OpenAthens send these links to their vendors and ask them to confirm that their Service Provider software is either unaffected or that the vulnerability has been addressed. To find the resources, please go into the admin area and look at the custom tab within the resource catalogue; you only need to concern yourself with the ones that say SAML.

You can find more information here:
https://shibboleth.net/pipermail/announce/2025-March/000337.html
https://simplesamlphp.org/security/202501-01

For the avoidance of doubt: these vulnerabilities do NOT affect the OpenAthens service. Please direct all queries to the vendors for which your institution is using custom SAML resources in OpenAthens.
- resolved Jun 12, 2025, 06:22 PM UTC
This incident has been resolved.