Supported Protocols

Shibboleth Implemented Protocols and Profiles

Below is a list of the protocols and profiles supported by the "current" Shibboleth products, which are generally the same but any differences are noted.

  • A YES does not indicate that every possible option has been implemented as some protocol/profiles have many tens or hundreds of possible options. It does indicate that at minimum all required options are supported.

  • Some protocol implementations may not be available in the base download, but are available as extensions.

Identity and Service Provider

Protocol/Profile

Identity Provider

Service Provider

Protocol/Profile

Identity Provider

Service Provider

SAML 1.1 1

  • SSO Profile

YES

YES

  • Shibboleth SSO Request Profile

YES

YES

  • Attribute Query

YES 4

YES 2

  • Artifact Resolution

YES

YES

SAML 2.0

  • SSO

YES4

YES

  • Attribute Query

YES 4

YES 2

  • Artifact Resolution

YES

YES

  • Enhanced Client

YES

YES

  • Single Logout

YES 5

YES

  • Name ID management

NO

YES 3

  • Name ID mapping

NO

NO

WS-Federation Passive (ADFS)

NO

YES

WS-Trust 1.3

NO

NO

OpenID 1

NO

NO

OpenID 2

NO

NO

OAuth 2

NO

NO

OpenID Connect

YES 6

NO

CAS

YES 7

NO

1 Support for SAML 1.0 is minimal and mostly accidental with modern releases.
2 Implemented as part of SSO profile support, exposed through additional features in SP 2.6 and later.
3 Implemented only in the form of application notification hooks for IdP-initiated protocol. SP-initiated not supported.
4 Implemented to rely on SPSSODescriptor role in metadata, no support for query extension role as yet.
5 A first implementation of real Single Logout was added in IdP 3.2 and is still under active development.
6 A supported third-party extension is available for V3/V4.0 and and official plugin is available for V4.1.
7 Introduced in IdP V3, see documentation for specifics on features.

Discovery Services

Protocol/Profile

Embedded DS

Protocol/Profile

Embedded DS

Shibboleth 1 Discovery (WAYF) Protocol

NO

SAML 2 Discovery Service Protocol

YES