The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.
ProtocolsAndInterfaces
- Scott Cantor
- Rod Widdowson
Owned by Scott Cantor
| The following standardized protocol interfaces are supported: | |||
| Protocol | Binding | Endpoint | Profile ID |
|---|---|---|---|
| SAML 2.0 Browser SSO | HTTP-Redirect | /profile/SAML2/Redirect/SSO |
|
| HTTP-POST | /profile/SAML2/POST/SSO | ||
| HTTP-POST-SimpleSign | /profile/SAML2/POST-SimpleSign/SSO | ||
| Shibboleth Protocol (proprietary) | /profile/SAML2/Unsolicited/SSO | ||
| SAML 2.0 Enhanced Client/Proxy | SOAP 1.1 | /profile/SAML2/SOAP/ECP | http://shibboleth.net/ns/profiles/saml2/sso/browser |
| SAML 2.0 Single Logout | HTTP-Redirect | /profile/SAML2/Redirect/SLO | |
| HTTP-POST | /profile/SAML2/POST/SLO | ||
| HTTP-POST-SimpleSign | /profile/SAML2/POST-SimpleSign/SLO | ||
| SOAP 1.1 | /profile/SAML2/SOAP/SLO | ||
| SAML 2.0 Attribute Query | SOAP 1.1 | /profile/SAML2/SOAP/AttributeQuery |
|
| SAML 2.0 Artifact Resolution | SOAP 1.1 | /profile/SAML2/SOAP/ArtifactResolution | http://shibboleth.net/ns/profiles/saml2/query/artifactArtifactQueryProfileConfiguration.PROFILE_ID |
| SAML 1.1 Browser SSO | Shibboleth Protocol (proprietary) | /profile/Shibboleth/SSO | |
| SAML 1.1 Attribute Query | SOAP 1.1 | /profile/SAML1/SOAP/AttributeQuery | |
| SAML 1.1 Artifact Resolution | SOAP 1.1 | /profile/SAML1/SOAP/ArtifactResolution | |
| ID-WSF Single Sign-On Service | SOAP 1.1 | /profile/IDWSF/SSOS | |
| CAS 2 Login | /profile/cas/login | ||
| CAS 2 Proxy Login | /profile/cas/proxy | ||
| CAS 2 Logout | /profile/cas/logout | ||
| CAS 2 Ticket Validation | /profile/cas/serviceValidate | ||
| CAS 2 Proxy Ticket Validation | /profile/cas/proxyValidate | ||
| CAS 2 SAML Validation | /profile/cas/samlValidate | ||
| The following proprietary interfaces are supported: | |||
| Logout | /profile/Logout | ||
| The following administrative interfaces are supported: | |||
| Status | /status | http://shibboleth.net/ns/profiles/status | |
| Attribute Resolver/Filter | /profile/admin/resolvertest | http://shibboleth.net/ns/profiles/resolvertest | |
| Reload Service Configuration | /profile/admin/reload-service | http://shibboleth.net/ns/profiles/reload-service-configuration | |
| Reload Metadata Resolver | /profile/admin/reload-metadata | http://shibboleth.net/ns/profiles/reload-metadata | |
| Lockout | /profile/admin/lockout | http://shibboleth.net/ns/profiles/lockout-manager | |
| Metadata Query | /profile/admin/mdquery | http://shibboleth.net/ns/profiles/mdquery | |
| Metrics | /profile/admin/metrics | http://shibboleth.net/ns/profiles/metrics | |
| Storage | jsonapi.org | /profile/admin/storage | http://shibboleth.net/ns/profiles/storage |
The Profile ID string can always be found in the ProfileRequestContext as the profileId and can be used to drive conditions
<bean parent="shibboleth.Conditions.Expression" c:expression="#profileContext.getProfileId().equals('http://shibboleth.net/ns/profiles/mdquery')"/>