The Shibboleth V1 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.

ShibHandle

Owned by Scott Cantor
Last updated: Dec 22, 2006Version comment
1 min read

A Shibboleth handle (ShibHandle) is a proprietary NameIdentifierFormat introduced by Shibboleth 1.x:

<saml:Subject
  xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
  <saml:NameIdentifier 
	 Format="urn:mace:shibboleth:1.0:nameIdentifier"
	 NameQualifier="https://idp.example.org/shibboleth">
	 3f7b3dcf-1674-4ecd-92c8-1544f346baf8
  </saml:NameIdentifier>
</saml:Subject>

Being an opaque identifier, a ShibHandle addresses privacy concerns lacking in SAML 1.1.

There are two implementations of the Shibboleth handle: SharedMemoryShibHandle and CryptoShibHandle. The SharedMemoryShibHandle implementation maintains state at the IdentityProvider, whereas the CryptoShibHandle does not.