Shibboleth Implemented Protocols and Profiles
Below is a list of the protocols and profiles supported by the "current" Shibboleth products, which are generally the same as older versions, but any differences are noted.
...
Protocol/Profile | Identity Provider | Service Provider |
---|---|---|
SAML 1.1 1 | ||
| YES | YES |
| YES | YES |
| YES | YES 2 |
| YES | YES |
SAML 2.0 | ||
| YES | YES |
| YES | YES 2 |
| YES | YES |
| YES | YES |
| YES 4 | YES |
| NO | YES 3 |
| NO | NO |
WS-Federation Passive (ADFS) | NO | YES |
WS-Trust 1.3 | NO | NO |
OpenID 1 | NO | NO |
OpenID 2 | NO | NO |
OAuth 2 | YES 5 | NO |
OpenID Connect | YES 6 | NO |
CAS | YES 7 | NO |
1 Support for SAML 1.0 is minimal and mostly accidental with modern releases. Support for SAML 1.1 in the IdP is approaching “deprecated/at-risk” status with V5.0 and may disappear in the future. Anybody still using SAML 1.1 should absolutely be prioritizing migrating off of it.
2 Implemented as part of SSO profile support, exposed through additional features in SP 2.6 and later.
3 Implemented only in the form of application notification hooks for IdP-initiated protocol. SP-initiated not supported.
4 A first implementation of real Single Logout was added in IdP V3.2.
5 An official plugin is available for V4.1+.
6 A supported third-party extension is available for V3/V4.0 and and official plugin is available for V4.1+
7 Introduced in IdP V3, see documentation for specifics on features.
...