Shibboleth Implemented Protocols and Profiles
...
Identity and Service Provider
Protocol/Profile | Identity Provider | Service Provider |
---|---|---|
SAML 1.1 1 | ||
| YES | YES |
| YES | YES |
| YES 4 | YES 2 |
| YES | YES |
SAML 2.0 | ||
| YES4 | YES |
| YES 4 | YES 2 |
| YES | YES |
| YES | YES |
| YES 5 | YES |
| NO | YES 3 |
| NO | NO |
WS-Federation Passive (ADFS) | NO | YES |
WS-Trust 1.3 | NO | NO |
OpenID 1 | NO | NO |
OpenID 2 | NO | NO |
OAuth 2 |
YES 6 | NO |
OpenID Connect | YES |
7 | NO |
CAS | YES |
8 | NO |
1 Support for SAML 1.0 is minimal and mostly accidental with modern releases.
2 Implemented as part of SSO profile support, exposed through additional features in SP 2.6 and later.
3 Implemented only in the form of application notification hooks for IdP-initiated protocol. SP-initiated not supported.
4 Implemented to rely on SPSSODescriptor role in metadata, no support for query extension role as yet.
5 A first implementation of real Single Logout was added in IdP 3V3.2 and is still under active development.
6 .
6 An official plugin is available for V4.1+.
7 A supported third-party extension is available for V3/V4.0 and and official plugin is available for V4.1.+
7 8 Introduced in IdP V3, see documentation for specifics on features.
Discovery Services
Protocol/Profile | Embedded DS |
---|---|
Shibboleth 1 Discovery (WAYF) Protocol | NO |
SAML 2 Discovery Service Protocol | YES |