ProtocolsAndInterfaces

Owned by Scott Cantor
Last updated: Sept 14, 2023
1 min read

The following standardized protocol interfaces are supported:

Protocol

Binding

Endpoint

Profile ID

SAML 2.0 Browser SSO

HTTP-Redirect

/profile/SAML2/Redirect/SSO





http://shibboleth.net/ns/profiles/saml2/sso/browser

 

HTTP-POST

/profile/SAML2/POST/SSO

 

HTTP-POST-SimpleSign

/profile/SAML2/POST-SimpleSign/SSO

 

Shibboleth Protocol (proprietary)

/profile/SAML2/Unsolicited/SSO

SAML 2.0 Enhanced Client/Proxy

SOAP 1.1

/profile/SAML2/SOAP/ECP

http://shibboleth.net/ns/profiles/saml2/sso/ecp

SAML 2.0 Single Logout

HTTP-Redirect

/profile/SAML2/Redirect/SLO





http://shibboleth.net/ns/profiles/saml2/logout

 

HTTP-POST

/profile/SAML2/POST/SLO

 

HTTP-POST-SimpleSign

/profile/SAML2/POST-SimpleSign/SLO

 

SOAP 1.1

/profile/SAML2/SOAP/SLO

SAML 2.0 Attribute Query

SOAP 1.1

/profile/SAML2/SOAP/AttributeQuery

http://shibboleth.net/ns/profiles/saml2/query/attribute

SAML 2.0 Artifact Resolution

SOAP 1.1

/profile/SAML2/SOAP/ArtifactResolution

http://shibboleth.net/ns/profiles/saml2/query/artifact

SAML 1.1 Browser SSO

Shibboleth Protocol (proprietary)

/profile/Shibboleth/SSO

http://shibboleth.net/ns/profiles/saml1/sso/browser

SAML 1.1 Attribute Query

SOAP 1.1

/profile/SAML1/SOAP/AttributeQuery

http://shibboleth.net/ns/profiles/saml1/query/attribute

SAML 1.1 Artifact Resolution

SOAP 1.1

/profile/SAML1/SOAP/ArtifactResolution

http://shibboleth.net/ns/profiles/saml1/query/artifact

CAS 2 Login

 

/profile/cas/login

 

CAS 2 Proxy Login

 

/profile/cas/proxy

 

CAS 2 Logout

 

/profile/cas/logout

 

CAS 2 Ticket Validation

 

/profile/cas/serviceValidate

 

CAS 2 Proxy Ticket Validation

 

/profile/cas/proxyValidate

 

CAS 2 SAML Validation

 

/profile/cas/samlValidate

 

The following proprietary interfaces are supported:

Logout

 

/profile/Logout

 

The following administrative interfaces are supported:

Status

 

/status

http://shibboleth.net/ns/profiles/status

Hello World

 

/profile/admin/hello

http://shibboleth.net/ns/profiles/hello

Attribute Resolver/Filter

 

/profile/admin/resolvertest

http://shibboleth.net/ns/profiles/resolvertest

Reload Service Configuration

 

/profile/admin/reload-service

http://shibboleth.net/ns/profiles/reload-service-configuration

Reload Metadata Resolver

 

/profile/admin/reload-metadata

http://shibboleth.net/ns/profiles/reload-metadata

Lockout

 

/profile/admin/lockout

http://shibboleth.net/ns/profiles/lockout-manager

Metadata Query

 

/profile/admin/mdquery

http://shibboleth.net/ns/profiles/mdquery

Metrics

 

/profile/admin/metrics

http://shibboleth.net/ns/profiles/metrics

Storage

jsonapi.org

/profile/admin/storage

http://shibboleth.net/ns/profiles/storage

Attended Restart

 

/profile/admin/unlock-keys

http://shibboleth.net/ns/profiles/unlock-keys

The Profile ID string can always be found in the ProfileRequestContext as the profileId and can be used to drive conditions

<bean parent="shibboleth.Conditions.Expression" c:expression="#profileContext.getProfileId().equals('http://shibboleth.net/ns/profiles/mdquery')">