...
Below is a list of the protocols and profiles supported by V2.x and V3.x the "current" Shibboleth products, which are generally the same but any differences are noted.
...
Protocol/Profile | Identity Provider | Native Service Provider |
---|---|---|
SAML 1.11 | ||
| YES | YES |
| YES | YES |
| YES 54 | YES 2 |
| YES | YES |
SAML 2.0 | ||
| YES4 | YES |
| YES 54 | YES 2 |
| YES | YES |
| YES6 | YES |
| YES 7 5 | YES |
| NO | YES 3 |
| NO | NO |
WS-Federation Passive (ADFS) | NO | YES |
WS-Trust 1.3 | NO | NO |
OpenID 1 | NO | NO |
OpenID 2 | NO | NO |
OAuth | NO | NO |
OpenID Connect | YES 86 | NO |
CAS | YES 97 | NO |
1 Support for SAML 1.0 is minimal and mostly accidental with current modern releases.
2 Implemented as part of SSO profile support, exposed through additional features in SP 2.6 and later.
3 Implemented only in the form of application notification hooks for IdP-initiated protocol. SP-initiated not supported.
4 HTTP-Artifact binding only supported outbound to SP, not inbound.
5 Implemented to rely on SPSSODescriptor role in metadata, no support for query extension role as yet.
6 The basic variant is in the core since IdP 2.3. The delegated variant requires an extension. See ECP for details.
75 A first implementation of real Single Logout was added in IdP 3.2 and is still under active development.
86 A supported third-party extension is available for V3 and will be was migrated to a Shibboleth git repository for V4. Substantial configuration instability should be expected between now and an eventual "stable" version delivered with V5 (no sooner than 2021).
97 Introduced in IdP V3, see documentation for specifics on features.
Discovery Services
Protocol/ProfileCentralized DS | Embedded DS | |
---|---|---|
Shibboleth 1 Discovery (WAYF) Protocol | YES | NO |
SAML 2 Discovery Service ProtocolYES | YES |