User Accounts - Known Issues

Logout

IMPORTANT: To fully logout a user should quit their browser session fully.
We are aware of a known issue regarding the Shibboleth extentions in use with Confluence. We apologize for this inconvinence and wil continue to track the issue with the developers involved.

"Logout may not work properly. A workaround is to alter the logout page to indicate that the user must completely close the browser application to logout."

Heartbleed / Open SSL

Information has been released about a new OpenSSL vulnerability (CVE-2014-0160) and we were using an affected version of OpenSSL until April 10, 2014, 10 AM PT.  We have updated our servers now to the latest version of OpenSSL that includes a patch for the vulnerability, revoked the old SSL keys/certificates, and reissued new SSL certificates. 


We recommend changing your account password, now - if you have an account on our the Kantara Initiative IdP (for example if you log in the Kantara Initiative wiki using the selection "Kantara Initiative IdP ..."). To change your password please go to: https://idp.kantarainitiative.org/myaccount.phpIt is highly recommended to have SSL certificate validity checks (CRL and/or OCSP) enabled in your Web browsers.
If you have any questions about this incident, please do not hesitate to contact us at staff at kantarainitative.org