A Shibboleth handle (ShibHandle) is a proprietary NameIdentifierFormat introduced by Shibboleth 1.x:

<saml:Subject
  xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <saml:NameIdentifier 
	 Format="urn:mace:shibboleth:1.0:nameIdentifier"
	 NameQualifier="https://idp.example.org/shibboleth">
	 3f7b3dcf-1674-4ecd-92c8-1544f346baf8
  </saml:NameIdentifier>
</saml:Subject>

Being an opaque identifier, a ShibHandle addresses privacy concerns lacking in SAML 1.1.

There are two implementations of the Shibboleth handle: SharedMemoryShibHandle and CryptoShibHandle. The SharedMemoryShibHandle implementation maintains state at the IdentityProvider, whereas the CryptoShibHandle does not.

Browser not supported