Skip to end of metadata
Go to start of metadata

Shibboleth Implemented Protocols and Profiles

Below is a list of the protocols and profiles supported by the latest Shibboleth products.

  • A YES does not indicate that every possible option has been implemented as some protocol/profiles have many tens or hundreds of possible options. It does indicate that at minimum all required options are supported.
  • Some protocol implementations may not be available in the base download, but are available as extensions.

Identity and Service Provider

Protocol/Profile

Identity Provider

Native Service Provider

SAML 1.11

 

 

  • SSO Profile

YES

YES

  • Shibboleth SSO Request Profile

YES

YES

  • Attribute Query

YES 5

YES 2

  • Artifact Resolution

YES

YES

SAML 2.0

 

 

  • SSO

YES 4

YES

  • Attribute Query

YES 5

YES 2

  • Artifact Resolution

YES

YES

  • Enhanced Client

YES 6

YES

  • Single Logout

YES7

YES

  • Name ID management

NO

YES 3

  • Name ID mapping

NO

NO

WS-Federation Passive (ADFS)

NO

YES
(included with SP, but not enabled by default)

WS-Trust 1.3

NO

NO

OpenID 1

NO

NO

OpenID 2

NO

NO

OAuth

NO

NO

OpenID ConnectNONO

1Support for SAML 1.0 is minimal and mostly accidental with current releases.
2
Implemented as part of SSO profile support, exposed through additional features in SP 2.6.
3 Implemented only in the form of application notification hooks for IdP-initiated protocol. SP-initiated not supported.
4 HTTP-Artifact binding only supported outbound to SP, not inbound.
5 Implemented to rely on SPSSODescriptor role in metadata, no support for query extension role as yet.
6 The basic variant is in the core since IdP 2.3. The delegated variant requires an extension. See ECP for details.
7A first implementation of real Single Logout was added in IdP 3.2 and is still under active development.

Discovery Services

Protocol/Profile

Centralized DS

Embedded DS

Shibboleth 1 Discovery (WAYF) Protocol

YES

NO

SAML 2 Discovery Service Protocol

YES

YES

  • No labels