The Shibboleth V1 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.
ShibHandle
A Shibboleth handle (ShibHandle) is a proprietary NameIdentifierFormat introduced by Shibboleth 1.x:
<saml:Subject
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:NameIdentifier
Format="urn:mace:shibboleth:1.0:nameIdentifier"
NameQualifier="https://idp.example.org/shibboleth">
3f7b3dcf-1674-4ecd-92c8-1544f346baf8
</saml:NameIdentifier>
</saml:Subject>
Being an opaque identifier, a ShibHandle addresses privacy concerns lacking in SAML 1.1.
There are two implementations of the Shibboleth handle: SharedMemoryShibHandle and CryptoShibHandle. The SharedMemoryShibHandle implementation maintains state at the IdentityProvider, whereas the CryptoShibHandle does not.