The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.
The native SP is written in C++ and is integrated with various web servers directly using the proprietary APIs they provide. A mix of native server integration and portable configuration is provided (though native support is mostly confined to the Apache version). Most of the portable configuration is handled by various files in the /etc/shibboleth directory, but the web server configuration itself determines some of the SP's behavior.
Metadata defines a partner site's capabilities, endpoints, keys, and other useful information. The Shibboleth software implicitly trusts the metadata it is given and uses it as a basis for all of its runtime decisions and choices.
The SP extracts attributes it receives from SAML assertions and prepares them for use by web applications using AttributeExtractor plugins. The default version is configured using an XML file named attribute-map.xml. You can add additional files in a chain, or modify the existing file.
Rules are applied to extracted and resolved attributes using attribute filter policies. The default version used by the native SP shares the same basic language and most of the features of the Java AFP implementation, and is configured using an XML file named attribute-policy.xml. You can add additional files in a chain, or modify the existing file.
Web Server Configuration
Some mandatory configuration is always required to integrate the SP with a web server. Some servers also support a degree of "native" integration enabling the SP to be partly controlled from the web server's own configuration file(s).