...
Protocol/Profile | Identity Provider | Service Provider |
---|---|---|
SAML 1.1 1 | ||
| YES | YES |
| YES | YES |
| YES 4 | YES 2 |
| YES | YES |
SAML 2.0 | ||
| YES 4 | YES |
| YES 4 | YES 2 |
| YES | YES |
| YES | YES |
| YES 5 | YES |
| NO | YES 3 |
| NO | NO |
WS-Federation Passive (ADFS) | NO | YES (included with SP, but not enabled by default) |
WS-Trust 1.3 | NO | NO |
OpenID 1 | NO | NO |
OpenID 2 | NO | NO |
OAuth 2 | NO | NO |
OpenID Connect | YES 6 | NO |
CAS | YES 7 | NO |

1 Support for SAML 1.0 is minimal and mostly accidental with modern releases.
2 Implemented as part of SSO profile support, exposed through additional features in SP 2.6 and later.
3 Implemented only in the form of application notification hooks for IdP-initiated protocol. SP-initiated not supported.
4 Implemented to rely on SPSSODescriptor role in metadata, no support for query extension role as yet.
5 A first implementation of real Single Logout was added in IdP 3.2 and is still under active development.
6 A supported third-party extension is available for V3 and was migrated to a Shibboleth git repository for V4. Substantial configuration instability should be expected between now and an eventual "stable" version delivered with V5 (no sooner than 2021)/V4.0, and an official plugin is available for V4.1.
7 Introduced in IdP V3, see documentation for specifics on features.
...