The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.


Relying Party Shibboleth SSO Profile Configuration

This profile configuration enables and configures the Shibboleth SSO profile. This is the profile used by Shibboleth 1.X allowing an SP to solicit an authentication response from the IdP.

Basic Configuration

This profile is configured by adding the <ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" /> element to a RelyingParty definition. This element supports the following basic attributes:

  • includeAttributeStatement - (optional) a boolean flag indicating whether to include an attribute statement in addition to the authentication statement, defaults to false
Example Shibboleth SSO Profile Configuration Overriding some Defaults
<ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile"

Advanced Configuration

The Shibboleth SSO profile configuration supports the following advanced configuration attributes:

In addition, the Shibboleth SSO profile configuration element supports one child element:

  • <Audience> whose content is used to populate the <Audience> elements of the <AudienceRestrictionCondition> element. This element may appear any number of times, one for each audience.