Skip to end of metadata
Go to start of metadata

Shibboleth Implemented Protocols and Profiles

Below is a list of the protocols and profiles supported by the latest Shibboleth products.

  • A YES does not indicate that every possible option has been implemented as some protocol/profiles have many tens or hundreds of possible options. It does indicate that at minimum all required options are supported.
  • Some protocol implementations may not be available in the base download, but are available as extensions.

Identity and Service Provider

Protocol/Profile

Identity Provider

Native Service Provider

SAML 1.11

 

 

  • SSO Profile

YES

YES

  • Shibboleth SSO Request Profile

YES

YES

  • Attribute Query

YES 5

YES 2

  • Artifact Resolution

YES

YES

SAML 2.0

 

 

  • SSO

YES 4

YES

  • Attribute Query

YES 5

YES 2

  • Artifact Resolution

YES

YES

  • Enhanced Client

YES 6

YES

  • Single Logout

NO
(back channel support planned)

YES

  • Name ID management

NO

YES 3

  • Name ID mapping

NO

NO

WS-Federation Passive (ADFS)

NO

YES
(included with SP, but not enabled by default)

US eAuth v1

NO

YES
(via SAML 1.0 artifact support)

WS-Trust 1.3

NO

NO

OpenID 1

NO

NO

OpenID 2

NO

NO

OAuth

NO

NO

1Support for SAML 1.0 is minimal and mostly accidental with current releases.
2
Implemented as part of SSO profile support, not currently exposed separately.
3 Implemented only in the form of application notification hooks for IdP-initiated protocol. SP-initiated not supported.
4 HTTP-Artifact binding only supported outbound to SP, not inbound.
5 Implemented to rely on SPSSODescriptor role in metadata, no support for query extension role as yet.
6 The basic variant is in the core since IdP 2.3. The delegated variant requires an extension. See ECP for details.

Discovery Services

Protocol/Profile

Centralized DS

Embedded DS

Shibboleth 1 Discovery (WAYF) Protocol

YES

NO

SAML 2 Discovery Service Protocol

YES

YES

  • No labels