Shibboleth Implemented Protocols and Profiles
Below is a list of the protocols and profiles supported by the "current" Shibboleth products, which are generally the same as older versions, but any differences are noted.
...
Identity and Service Provider
Protocol/Profile | Identity Provider | Service Provider |
|---|---|---|
SAML 1.1 1 | ||
| YES | YES |
| YES | YES |
| YES | |
YES 2 | ||
| YES | YES |
SAML 2.0 | ||
| YES | |
YES | |
| YES |
YES 2 | ||
| YES | YES |
| YES | YES |
| YES |
4 | YES | |
| NO | YES 3 |
| NO | NO |
WS-Federation Passive (ADFS) | NO | YES |
WS-Trust 1.3 | NO | NO |
OpenID 1 | NO | NO |
OpenID 2 | NO | NO |
OAuth 2 |
YES 5 | NO | |
OpenID Connect | YES 6 | NO |
CAS | YES 7 | NO |
1 Support for SAML 1.0 is minimal and mostly accidental with modern releases. Support for SAML 1.1 in the IdP is approaching “deprecated/at-risk” status with V5.0 and may disappear in the future. Anybody still using SAML 1.1 should absolutely be prioritizing migrating off of it.
2 Implemented as part of SSO profile support, exposed through additional features in SP 2.6 and later.
3 Implemented only in the form of application notification hooks for IdP-initiated protocol. SP-initiated not supported.
4 Implemented to rely on SPSSODescriptor role in metadata, no support for query extension role as yet.
5 A first implementation of real Single Logout was added in IdP 3V3.2 and is still under active development.
5 An official plugin is available for V4.1+.
6 A supported third-party extension is available for V3 and was migrated to a Shibboleth git repository for V4. Substantial configuration instability should be expected between now and an eventual "stable" version delivered with V5 (no sooner than 2021)./V4.0 and and official plugin is available for V4.1+
7 Introduced in IdP V3, see documentation for specifics on features.
Discovery Services
Protocol/Profile | Embedded DS |
|---|---|
Shibboleth 1 Discovery (WAYF) Protocol | NO |
SAML 2 Discovery Service Protocol | YES |