CAF Newsletter – March 2021

New CAF Workspace: Slack

We’re very excited to unveil our new CAF Slack workspace. We now have a single platform for community collaboration on identity-related topics, offering you the opportunity to share real-time solutions and stories about both eduroam and FIM. The CAF Slack Workspace will help us to collectively stay informed and connected and help us learn from one another to advance research and education in Canada and abroad. If you are an authorized CAF contact, look for your invitation to join the CAF Slack workspace soon. As your hosts, our entire CAF team will be joining as well. We’re looking forward to chatting.
For more information, please reach out to: caf@canarie.ca

Getting Ready for MFA

Earlier this year we established the Trust and Identity Committee. The role of this committee is to provide guidance on the evolution of sector-wide identity management services, including CAF. Our first topic of discussion was cybersecurity; specifically, we discussed elevating security baselines away from username and passwords, towards MFA as a minimum requirement. Critical service providers such as the National Institute of Health in the US will require MFA to access resources, effective September 2021. The committee is keen to support CAF participants to ensure that research and collaboration continues without disruption.
If you are interested in learning more, please reach out to: caf@canarie.ca

Shibboleth IdP v4 Upgrade

The IT Shibboleth IdP v4 upgrade is more important than ever as it will allow you to take advantage of new features specific to MFA. The community response to this upgrade has been strong and we appreciate your efforts to raise the security profile of everyone in the federation. If you have not completed this upgrade, please do so soon as possible. If you need any support, please visit the guidance on our website or reach out to us directly at: tickets@canarie.ca
As a reminder, Shibboleth IdP v3 reached its end of life as of December 31, 2020 and security patches or releases will no longer be provided.

ADFS Toolkit v2

Finally, for those on ADFS, we have not forgotten about you. The ADFS Toolkit v2 has just been released with enhanced functionality for even better handling of federation metadata. This will be foundational in supporting our MFA effort in CAF. Support documentation developed by the international community is available here and will be added to the CANARIE website soon. French translations will also be added at the same time. In the meantime, for ADFS support, please reach out to: tickets@canarie.ca

eduroam Updates

The Android 11 updates are disconnecting your users from eduroam. The good news is that if you have implemented the eduroam CAT profile from the cat.eduroam.org portal, your users will not be affected. To recap, the December release of the Android 11 QPR1 security update changed how certificates are handled for Wi-Fi security. Once the user upgrades their mobile device to Android 11, the ability to connect to eduroam is lost unless the eduroam CAT profile is installed.

eduroam CAT profile fun facts:

  • Configuration takes less than 1 hour and significantly improves your organization’s security posture (and we’re here to help).
  • Launching the profile does not affect your existing eduroam users and no proxy reconfiguration is required.
  • Installing the profile prevents mobile devices from negotiating with rogue access points, thus mitigating the risk of man-in-the-middle attacks and strengthening protections of personal identifiable information (PII).
  • It offers a more secure Wi-Fi roaming experience, leveraging industry standards and security best practices.
  • Strengthens the security posture for your entire organization.
  • If you have any question, please reach out to us directly at: tickets@canarie.ca