The Shibboleth V1 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.


Shibboleth, as a general specification, relies on a pair of published SAML specifications and some additional guidelines, outlined in the Shibboleth Protocol Specification, the latest version of which can be found in the TechnicalSpecs topic.

As a practical matter, basic interoperability is not fully addressed by that specification because of gaps in the SAML specification and extensions defined by the Shibboleth implementation to address value-added features.

Herein, we define the additional assumptions, behavior, and supported features of the Shibboleth software itself.

Schema Extensions

The schema currently supported by ShibOnedotThree is in the namespace urn:mace:shibboleth:metadata:1.0 and is defined by this document.

At this time, it is expected that ShibTwodotZero will also support this schema, and will not define additional extensions.


Formerly <OriginSite> / <Domain> in older Shibboleth versions, this element is found in the <md:Extensions> element of an attribute-supplying role descriptor ( <md:IDPSSODescriptor> , <md:AttributeAuthorityDescriptor>). As of Shibboleth 2.0, the element can also be placed into the <md:Extensions> element of the <md:EntityDescriptor> element as well, applying to all roles.

Each element identifies a permissible attribute "scope" for the role. Scope is an attribute-specific concept used in Shibboleth to enhance the functionality of the AttributeAcceptancePolicy features.


Formerly <Trust> / <KeyAuthority> in older Shibboleth versions, this element is found in the <md:Extensions> element of the <md:EntitiesDescriptor> and <md:EntityDescriptor> elements.

Each element represents a set of input to a certificate path-building operation during transactions involving the roles or system entities contained within the parent element. Each <ds:KeyInfo> element represents a single trust anchor for such operations, generally an X.509 certificate.

The VerifyDepth attribute controls the maximum path length to allow, using the PKIX-specified definition of path length (which is basically one less than the actual chain length?)