Identity Provider Plugins
All of the plugins documented here require V4.1 and above and will not work in older versions. The latest versions of many of them require V4.2; this will be noted during upgrades to V4.2 (or blocked if an attempt to install onto V4.1 is made).
The Shibboleth IdP software, as of V4.1 and above, supports the concept of Plugins, add-on packages that add functionality and optionally expose Modules with individual features that can be enabled or disabled. Most new software features will be packaged as plugins to the core software to reduce the frequency of upgrades solely to deliver new features and to minimize the impact of security vulnerabilities.
The following table provides a summary of known plugins available (both first- and third-party) along with links to the appropriate documentation. See below for any security advisories published.
OIDC OP support (requires install of OIDCCommon) | |
Duo UniversalPrompt OIDC-based login support (requires install of OIDCCommon) | |
Generic TOTP OATH token login support | |
Implementation of the Nashorn ECMAscript language (provided for JDK versions >=15) | |
Implementation of the Rhino ECMAscript language common prior to Java 8 | |
Implementation of reusable Java components related to OpenID Connect and OAuth features | |
(BETA) A command-line tool to generate metadata based on shallow introspection of the IdP configuration properties |
Security Advisories