Shibboleth Implemented Protocols and Profiles
Below is a list of the protocols and profiles supported by V2.x and V3.x Shibboleth products. Support is generally the same across both versions; any differences are noted.
- A YES does not indicate that every possible option has been implemented, as some protocols/profiles have many tens or hundreds of possible options. It does indicate that, at minimum, all required options are supported.
- Some protocol implementations may not be available in the base download, but are available as extensions.
Identity and Service Provider
Protocol/Profile | Identity Provider | Native Service Provider |
---|---|---|
SAML 1.1¹ | ||
| YES | YES |
| YES | YES |
| YES⁵ | YES² |
| YES | YES |
SAML 2.0 | ||
| YES⁴ | YES |
| YES⁵ | YES² |
| YES | YES |
| YES⁶ | YES |
| YES⁷ | YES |
| NO | YES³ |
| NO | NO |
WS-Federation Passive (ADFS) | NO | YES |
WS-Trust 1.3 | NO | NO |
OpenID 1 | NO | NO |
OpenID 2 | NO | NO |
OAuth | NO | NO |
OpenID Connect | YES⁸ | NO |
CAS | YES⁹ | NO |
1 Support for SAML 1.0 is minimal and mostly accidental with current releases.
2 Implemented as part of SSO profile support, exposed through additional features in SP 2.6.
3 Implemented only in the form of application notification hooks for IdP-initiated protocol. SP-initiated not supported.
4 HTTP-Artifact binding only supported outbound to SP, not inbound.
5 Implemented to rely on SPSSODescriptor role in metadata, no support for query extension role as yet.
6 The basic variant is in the core since IdP 2.3. The delegated variant requires an extension. See ECP for details.
7 A first implementation of real Single Logout was added in IdP 3.2 and is still under active development.
8 A supported third-party extension is available for V3 and will be migrated to a Shibboleth git repository for V4. Substantial configuration instability should be expected between now and an eventual "stable" version delivered with V5 (no sooner than 2021).
9 Introduced in IdP V3; see the documentation for specifics on features.
Discovery Services
Protocol/Profile | Centralized DS | Embedded DS |
---|---|---|
Shibboleth 1 Discovery (WAYF) Protocol | YES | NO |
SAML 2 Discovery Service Protocol | YES | YES |