Shibboleth Implemented Protocols and Profiles
...
Protocol/Profile | Identity Provider | Service Provider |
---|---|---|
SAML 1.1 1 | ||
| YES | YES |
| YES | YES |
| YES4 | YES 2 |
| YES | YES |
SAML 2.0 | ||
| YES4 | YES |
| YES4 | YES 2 |
| YES | YES |
| YES | YES |
| YES 54 | YES |
| NO | YES 3 |
| NO | NO |
WS-Federation Passive (ADFS) | NO | YES |
WS-Trust 1.3 | NO | NO |
OpenID 1 | NO | NO |
OpenID 2 | NO | NO |
OAuth 2 | YES 65 | NO |
OpenID Connect | YES 76 | NO |
CAS | YES 87 | NO |
1 Support for SAML 1.0 is minimal and mostly accidental with modern releases.
2 Implemented as part of SSO profile support, exposed through additional features in SP 2.6 and later.
3 Implemented only in the form of application notification hooks for IdP-initiated protocol. SP-initiated not supported.
4 Implemented to rely on SPSSODescriptor role in metadata, no support for query extension role as yet.
5 A first implementation of real Single Logout was added in IdP V3.2.
6 5 An official plugin is available for V4.1+.
7 6 A supported third-party extension is available for V3/V4.0 and and official plugin is available for V4.1+
8 7 Introduced in IdP V3, see documentation for specifics on features.
...