...
Below is a list of the protocols and profiles supported by the "current" Shibboleth products. Support is generally the same across them, and any differences are noted.
A YES does not indicate that every possible option has been implemented, because some protocols/profiles have tens or hundreds of possible options. It does indicate that, at minimum, all required options are supported.
Some protocol implementations may not be available in the base download, but are available as extensions.
Identity and Service Provider
Protocol/Profile | Identity Provider | Service Provider |
---|---|---|
SAML 1.1 1 | | |
| YES | YES |
| YES | YES |
| YES 4 | YES 2 |
| YES | YES |
SAML 2.0 | | |
| YES 4 | YES |
| YES 4 | YES 2 |
| YES | YES |
| YES | YES |
| YES 5 | YES |
| NO | YES 3 |
| NO | NO |
WS-Federation Passive (ADFS) | NO | YES |
WS-Trust 1.3 | NO | NO |
OpenID 1 | NO | NO |
OpenID 2 | NO | NO |
OAuth | NO | NO |
OpenID Connect | YES 6 | NO |
CAS | YES 7 | NO |
1 Support for SAML 1.0 is minimal and mostly accidental with modern releases.
2 Implemented as part of SSO profile support, exposed through additional features in SP 2.6 and later.
3 Implemented only in the form of application notification hooks for IdP-initiated protocol. SP-initiated not supported.
4 Implemented to rely on SPSSODescriptor role in metadata, no support for query extension role as yet.
5 A first implementation of real Single Logout was added in IdP 3.2 and is still under active development.
6 A supported third-party extension is available for V3 and was migrated to a Shibboleth git repository for V4. Substantial configuration instability should be expected between now and an eventual "stable" version delivered with V5 (no sooner than 2021).
7 Introduced in IdP V3, see documentation for specifics on features.
Discovery Services
Protocol/Profile | Embedded DS |
---|---|
Shibboleth 1 Discovery (WAYF) Protocol | NO |
SAML 2 Discovery Service Protocol | YES |