Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 14 Next »

Shibboleth Implemented Protocols and Profiles

Below is a list of the protocols and profiles supported by V2.x and V3.x Shibboleth products, which are generally the same but any differences are noted.

  • A YES does not indicate that every possible option has been implemented as some protocol/profiles have many tens or hundreds of possible options. It does indicate that at minimum all required options are supported.
  • Some protocol implementations may not be available in the base download, but are available as extensions.

Identity and Service Provider

Protocol/Profile

Identity Provider

Native Service Provider

SAML 1.11



  • SSO Profile

YES

YES

  • Shibboleth SSO Request Profile

YES

YES

  • Attribute Query

YES5

YES2

  • Artifact Resolution

YES

YES

SAML 2.0



  • SSO

YES4

YES

  • Attribute Query

YES5

YES2

  • Artifact Resolution

YES

YES

  • Enhanced Client

YES6

YES

  • Single Logout

YES7

YES

  • Name ID management

NO

YES3

  • Name ID mapping

NO

NO

WS-Federation Passive (ADFS)

NO

YES
(included with SP, but not enabled by default)

WS-Trust 1.3

NO

NO

OpenID 1

NO

NO

OpenID 2

NO

NO

OAuth

NO

NO

OpenID ConnectYES8NO
CASYES9NO

1Support for SAML 1.0 is minimal and mostly accidental with current releases.
2 Implemented as part of SSO profile support, exposed through additional features in SP 2.6.
3 Implemented only in the form of application notification hooks for IdP-initiated protocol. SP-initiated not supported.
4 HTTP-Artifact binding only supported outbound to SP, not inbound.
5 Implemented to rely on SPSSODescriptor role in metadata, no support for query extension role as yet.
6 The basic variant is in the core since IdP 2.3. The delegated variant requires an extension. See ECP for details.
7A first implementation of real Single Logout was added in IdP 3.2 and is still under active development.
8A supported third-party extension is available for V3 and will be migrated to a Shibboleth git repository for V4. Substantial configuration instability should be expected between now and an eventual "stable" version delivered with V5 (no sooner than 2021).
9Introduced in IdP V3, see documentation for specifics on features

Discovery Services

Protocol/Profile

Centralized DS

Embedded DS

Shibboleth 1 Discovery (WAYF) Protocol

YES

NO

SAML 2 Discovery Service Protocol

YES

YES

  • No labels