The exciting news is that the Kantara Initiative IT tools are SSO deployed! We use a combination of Shibboleth through a SimpleSAMLphp gateway. All of our user accounts are registered and managed through specified Identiy Providers (IdPs). As the IDs and Passwords are stored with each Identity Provider we do not manage user account adminstration through confluence. IMPORTANT: To change or retrieve a lost password each user will need to login to the Identity Provider where their user account is registered. Current IdPs supported include ProtectNetwork, Kantara Initiative and OpenID. The OpenID Deployment is still in experimental phase as the harmonization around such a Multi-Protocol solution develops.
IMPORTANT: To fully logout a user should quit their browser session fully.
We are aware of a known issue regarding the Shibboleth extentions in use with Confluence. We apologize for this inconvinence and wil continue to track the issue with the developers involved.
"Logout may not work properly. A workaround is to alter the logout page to indicate that the user must completely close the browser application to logout." - source
Heartbleed / Open SSL
Information has been released about a new OpenSSL vulnerability (CVE-2014-0160) and we were using an affected version of OpenSSL until April 10, 2014, 10 AM PT. We have updated our servers now to the latest version of OpenSSL that includes a patch for the vulnerability, revoked the old SSL keys/certificates, and reissued new SSL certificates.