Differences between Shibboleth 1.3 and 2.0

General Questions

What makes Shibboleth 2.0 different from Shibboleth 1.3?

...

Finally, a significantly simplified set of rules for attribute syntax in SAML 2.0 assertions has been adopted by the MACE-Dir working group to increase interoperability with other SAML implementations. The Shibboleth software includes a variety of improvements to maximize its ability to both produce and consume as many syntax variants as possible, and is much more extensible in this regard.

How has the identity provider changed?

The Shibboleth IdP has been completely redesigned for version 2.0.

...

The Shibboleth Native SP is structurally similar to the first generation software but incorporates many internal changes to reduce software conflicts, improve portability and manageability, and provide more options for application integration. Most of the software's configuration files have been redesigned, but without altering the overall deployment model.

What will Shibboleth 2.0 interoperate with?

...

Backward compatibility extends to the Shibboleth 1.3 software, and any other conformant implementations of the Shibboleth Protocols and Profiles specification. Significant compatibility with Shibboleth 1.2 should be expected but is not guaranteed.

Identity Provider Questions

How has the identity provider changed?

The Shibboleth IdP has been completely redesigned for version 2.0.

What changes do I need to make in my IdP's metadata?

The only change that you must make is a change to the URLs used by your identity provider. All of the profile endpoints in Shibboleth take the form <scheme>://<host>:<port>/<servlet-context>/profile/<profile-path>. In most cases you will use https as the scheme and idp as your servlet context path. The default locations for profile paths are listed below:

| Path | Associated Profile |
|---|---|
| /Status | Provides status information about the IdP |
| /Metadata/SAML | Provides SAML metadata for the IdP |
| /Shibboleth/SSO | The Shibboleth 1.3 SSO profile |
| /SAML1/SOAP/AttributeQuery | SAML 1 attribute query using the SOAP binding |
| /SAML1/SOAP/ArtifactResolution | SAML 1 artifact query using the SOAP binding |
| /SAML2/POST/SSO | SAML 2 SSO profile using the HTTP-POST binding |
| /SAML2/POST-SimpleSign/SSO | SAML 2 SSO profile using the HTTP-POST-SimpleSign binding |
| /SAML2/Redirect/SSO | SAML 2 SSO profile using the HTTP-Redirect binding |
| /SAML2/SOAP/AttributeQuery | SAML 2 attribute query using the SOAP binding |
| /SAML2/SOAP/ArtifactResolution | SAML 2 artifact resolution query using the SOAP binding |

Other changes may be necessary in order to enable particular functionality. For example, if you wish to support SAML 2, you need to list SAML 2 in your supported protocols and add SAML 2 endpoints to the IdPSSO and AttributeAuthority roles.
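The following check is an added example, not part of the original FAQ or the Shibboleth distribution. It audits an IdP metadata document against the URL scheme and default profile paths described above, and against the SAML 2 protocol requirement. The host idp.example.org, the sample metadata and the function name audit_idp_metadata are constructed for illustration, and the binding URIs paired with each path are the standard SAML and Shibboleth identifiers rather than values taken from this page.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
ROLES = (MD + "IDPSSODescriptor", MD + "AttributeAuthorityDescriptor")
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
# Default profile paths from the table above -> binding URI expected beside each.
PROFILE_BINDINGS = {
    "/Shibboleth/SSO": "urn:mace:shibboleth:1.0:profiles:AuthnRequest",
    "/SAML1/SOAP/AttributeQuery": "urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding",
    "/SAML1/SOAP/ArtifactResolution": "urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding",
    "/SAML2/POST/SSO": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    "/SAML2/POST-SimpleSign/SSO": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign",
    "/SAML2/Redirect/SSO": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
    "/SAML2/SOAP/AttributeQuery": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP",
    "/SAML2/SOAP/ArtifactResolution": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP",
}

def audit_idp_metadata(xml_text):
    """Return findings for IdP endpoints that do not match the 2.0 URL scheme."""
    findings = []
    for role in (r for r in ET.fromstring(xml_text).iter() if r.tag in ROLES):
        name, uses_saml2 = role.tag[len(MD):], False
        for ep in role.findall("*[@Location]"):  # endpoint elements only
            loc, binding = ep.get("Location"), ep.get("Binding")
            _, sep, profile = urlparse(loc).path.partition("/profile")
            if not sep or profile not in PROFILE_BINDINGS:
                findings.append(f"{name}: {loc} is not a default 2.0 profile URL")
            elif PROFILE_BINDINGS[profile] != binding:
                findings.append(f"{name}: {loc} has unexpected binding {binding}")
            elif profile.startswith("/SAML2/"):
                uses_saml2 = True
        if uses_saml2 and SAML2_PROTOCOL not in role.get("protocolSupportEnumeration", "").split():
            findings.append(f"{name}: SAML 2 endpoint present but SAML 2 not in protocolSupportEnumeration")
    return findings

# Constructed sample: one SSO URL outside the 2.0 scheme, and an AA role that omits SAML 2.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.org/idp/shibboleth">
 <IDPSSODescriptor protocolSupportEnumeration="urn:mace:shibboleth:1.0 urn:oasis:names:tc:SAML:2.0:protocol">
  <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.example.org/shibboleth-idp/SSO"/>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.org/idp/profile/SAML2/POST/SSO"/>
 </IDPSSODescriptor>
 <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
  <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.example.org:8443/idp/profile/SAML2/SOAP/AttributeQuery"/>
 </AttributeAuthorityDescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print("\n".join(audit_idp_metadata(SAMPLE)))
```

Deployments that changed the servlet context or remapped profile paths should adjust PROFILE_BINDINGS before relying on the findings.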

Service Provider Questions

How has the SP changed?

The Shibboleth Native SP is structurally similar to the first generation software but incorporates many internal changes to reduce software conflicts, improve portability and manageability, and provide more options for application integration. Most of the software's configuration files have been redesigned, but without altering the overall deployment model.