Differences between Shibboleth 1.3 and 2.0
General Questions
What makes Shibboleth 2.0 different from Shibboleth 1.3?
...
Finally, a significantly simplified set of rules for attribute syntax in SAML 2.0 assertions has been adopted by the MACE-Dir working group to increase interoperability with other SAML implementations. The Shibboleth software includes a variety of improvements to maximize its ability to both produce and consume as many syntax variants as possible, and is much more extensible in this regard.
How has the identity provider changed?
The Shibboleth IdP has been completely redesigned for version 2.0.
...
The Shibboleth Native SP is structurally similar to the first generation software but incorporates many internal changes to reduce software conflicts, improve portability and manageability, and provide more options for application integration. Most of the software's configuration files have been redesigned, but without altering the overall deployment model.
What will Shibboleth 2.0 interoperate with?
...
Backward compatibility extends to the Shibboleth 1.3 software, and any other conformant implementations of the Shibboleth Protocols and Profiles specification. Significant compatibility with Shibboleth 1.2 should be expected but is not guaranteed.
Identity Provider Questions
How has the identity provider changed?
The Shibboleth IdP has been completely redesigned for version 2.0.
What changes do I need to make in my IdP's metadata?
The only change that you must make is a change to the URLs used by your identity provider. All of the profile endpoints in Shibboleth take the form <scheme>://<host>:<port>/<servlet-context>/profile/<profile-path>. In most cases you will use https as the scheme and idp as your servlet context path. The default locations for profile paths are listed below:
Path | Associated Profile |
---|---|
/Status | Provides status information about the IdP |
/Metadata/SAML | Provides SAML metadata for the IdP |
/Shibboleth/SSO | The Shibboleth 1.3 SSO profile |
/SAML1/SOAP/AttributeQuery | SAML 1 attribute query using the SOAP binding |
/SAML1/SOAP/ArtifactResolution | SAML 1 artifact query using the SOAP binding |
/SAML2/POST/SSO | SAML 2 SSO profile using the HTTP-POST binding |
/SAML2/POST-SimpleSign/SSO | SAML 2 SSO profile using the HTTP-POST-SimpleSign binding |
/SAML2/Redirect/SSO | SAML 2 SSO profile using the HTTP-Redirect binding |
/SAML2/SOAP/AttributeQuery | SAML 2 attribute query using the SOAP binding |
/SAML2/SOAP/ArtifactResolution | SAML 2 artifact resolution query using the SOAP binding |
Other changes may be necessary in order to enable particular functionality. For example, if you wish to support SAML 2 you need to list SAML 2 in your supported protocols and add SAML 2 endpoints to the IdPSSO and AttributeAuthority roles.
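The following metadata check is an added example, not code from the Shibboleth project. It verifies that each IdP endpoint Location follows the form and default profile paths above, uses https, and that a role with SAML 2 endpoints also lists the SAML 2 protocol. The function name, the idp.example.org host and the sample metadata are constructed for illustration, and the port is treated as optional.

```python
import re
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
ROLES = (MD + "IDPSSODescriptor", MD + "AttributeAuthorityDescriptor")
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
# Default profile paths from the table above that appear as role endpoints.
DEFAULT_PATHS = set("""/Shibboleth/SSO /SAML1/SOAP/AttributeQuery
    /SAML1/SOAP/ArtifactResolution /SAML2/POST/SSO /SAML2/POST-SimpleSign/SSO
    /SAML2/Redirect/SSO /SAML2/SOAP/AttributeQuery /SAML2/SOAP/ArtifactResolution""".split())
# <scheme>://<host>[:<port>]/<servlet-context>/profile/<profile-path>
ENDPOINT = re.compile(r"^(?P<scheme>[a-z]+)://[^/]+/[^/]+/profile(?P<path>/.+)$")

# Constructed sample: SAML 2 endpoint without the SAML 2 protocol, and an http endpoint.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.org/idp/shibboleth">
 <IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:1.1:protocol">
  <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.example.org/idp/profile/Shibboleth/SSO"/>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.org/idp/profile/SAML2/POST/SSO"/>
 </IDPSSODescriptor>
 <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
  <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="http://idp.example.org:8080/idp/profile/SAML1/SOAP/AttributeQuery"/>
 </AttributeAuthorityDescriptor>
</EntityDescriptor>"""

def lint_idp_metadata(xml_text):
    """Return a list of findings for the IdP roles in a metadata document."""
    findings = []
    for role in ET.fromstring(xml_text).iter():
        if role.tag not in ROLES:
            continue
        name = role.tag[len(MD):]
        protocols = role.get("protocolSupportEnumeration", "").split()
        has_saml2 = False
        for ep in role:
            loc = ep.get("Location")
            if loc is None:          # KeyDescriptor, NameIDFormat, etc.
                continue
            m = ENDPOINT.match(loc)
            if not m:
                findings.append(f"{name}: {loc} is not in the 2.0 endpoint form")
                continue
            if m["scheme"] != "https":
                findings.append(f"{name}: {loc} does not use https")
            if m["path"] not in DEFAULT_PATHS:
                findings.append(f"{name}: {loc} uses a non-default profile path")
            has_saml2 |= m["path"].startswith("/SAML2/")
        if has_saml2 and SAML2_PROTOCOL not in protocols:
            findings.append(f"{name}: SAML 2 endpoints present but SAML 2 not in supported protocols")
    return findings
```

Calling `lint_idp_metadata(SAMPLE)` returns one finding per role: the missing SAML 2 protocol on the IDPSSODescriptor and the http attribute query endpoint on the AttributeAuthorityDescriptor.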
Service Provider Questions
How has the SP changed?
The Shibboleth Native SP is structurally similar to the first generation software but incorporates many internal changes to reduce software conflicts, improve portability and manageability, and provide more options for application integration. Most of the software's configuration files have been redesigned, but without altering the overall deployment model.