The Shibboleth IdP V4 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP5 wiki space for current documentation on the supported version.

ProtocolsAndInterfaces

Owned by Scott Cantor
Last updated: Aug 31, 2021 by Rod Widdowson
1 min read



The following standardized protocol interfaces are supported:

Protocol

Binding

Endpoint

Profile ID

SAML 2.0 Browser SSO

HTTP-Redirect

/profile/SAML2/Redirect/SSO





http://shibboleth.net/ns/profiles/saml2/sso/browser



HTTP-POST

/profile/SAML2/POST/SSO



HTTP-POST-SimpleSign

/profile/SAML2/POST-SimpleSign/SSO



Shibboleth Protocol (proprietary)

/profile/SAML2/Unsolicited/SSO

SAML 2.0 Enhanced Client/Proxy

SOAP 1.1

/profile/SAML2/SOAP/ECP

http://shibboleth.net/ns/profiles/saml2/sso/ecp

SAML 2.0 Single Logout

HTTP-Redirect

/profile/SAML2/Redirect/SLO





http://shibboleth.net/ns/profiles/saml2/logout



HTTP-POST

/profile/SAML2/POST/SLO



HTTP-POST-SimpleSign

/profile/SAML2/POST-SimpleSign/SLO



SOAP 1.1

/profile/SAML2/SOAP/SLO

SAML 2.0 Attribute Query

SOAP 1.1

/profile/SAML2/SOAP/AttributeQuery

http://shibboleth.net/ns/profiles/saml2/query/attribute

SAML 2.0 Artifact Resolution

SOAP 1.1

/profile/SAML2/SOAP/ArtifactResolution

http://shibboleth.net/ns/profiles/saml2/query/artifact

SAML 1.1 Browser SSO

Shibboleth Protocol (proprietary)

/profile/Shibboleth/SSO

http://shibboleth.net/ns/profiles/saml1/sso/browser

SAML 1.1 Attribute Query

SOAP 1.1

/profile/SAML1/SOAP/AttributeQuery

http://shibboleth.net/ns/profiles/saml1/query/attribute

SAML 1.1 Artifact Resolution

SOAP 1.1

/profile/SAML1/SOAP/ArtifactResolution

http://shibboleth.net/ns/profiles/saml1/query/artifact

ID-WSF Single Sign-On Service

SOAP 1.1

/profile/IDWSF/SSOS

http://shibboleth.net/ns/profiles/liberty/ssos

CAS 2 Login



/profile/cas/login



CAS 2 Proxy Login



/profile/cas/proxy



CAS 2 Logout



/profile/cas/logout



CAS 2 Ticket Validation



/profile/cas/serviceValidate



CAS 2 Proxy Ticket Validation



/profile/cas/proxyValidate



CAS 2 SAML Validation



/profile/cas/samlValidate



The following proprietary interfaces are supported:

Logout



/profile/Logout



The following administrative interfaces are supported:

Status



/status

http://shibboleth.net/ns/profiles/status

Hello World 4.1



/profile/admin/hello

http://shibboleth.net/ns/profiles/hello

Attribute Resolver/Filter



/profile/admin/resolvertest

http://shibboleth.net/ns/profiles/resolvertest

Reload Service Configuration



/profile/admin/reload-service

http://shibboleth.net/ns/profiles/reload-service-configuration

Reload Metadata Resolver



/profile/admin/reload-metadata

http://shibboleth.net/ns/profiles/reload-metadata

Lockout



/profile/admin/lockout

http://shibboleth.net/ns/profiles/lockout-manager

Metadata Query



/profile/admin/mdquery

http://shibboleth.net/ns/profiles/mdquery

Metrics



/profile/admin/metrics

http://shibboleth.net/ns/profiles/metrics

Storage

jsonapi.org

/profile/admin/storage

http://shibboleth.net/ns/profiles/storage

Attended Restart



/profile/admin/unlock-keys

http://shibboleth.net/ns/profiles/unlock-keys



The Profile ID string can always be found in the ProfileRequestContext as the profileId and can be used to drive conditions

<bean parent="shibboleth.Conditions.Expression" c:expression="#profileContext.getProfileId().equals('http://shibboleth.net/ns/profiles/mdquery')">




Â