Page tree

The Shibboleth 2.x software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP30 and SP3 wiki spaces for current documentation on the supported versions.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

The SP includes so-called "RP" support for the WS-Federation protocol as profiled by Microsoft in their ADFSv1 product. The SP can act as a WS-Federation Passive Profile relying party in the same fashion that it supports SAML. All SP features not specific to the SAML protocol are supported equally for WS-Federation IdPs.


Support for WS-Federation is currently provisioned and secured using the same metadata sources used for SAML. A profile of SAML metadata for use by WS-Federation peers was developed for the Shibboleth 1.3 release and remains supported in Shibboleth 2.0.

So the first step in enabling this support is to obtain or create metadata for the IdP following the profile. Without it, nothing will happen when you try to use the SP's features, or you'll get a metadata-related error.

Activating the ADFS Extension

The WS-Federation code for the SP is supplied in an extension that is included with the SP source code, and is built by default and included with binary packages. The extension is contained in two libraries, one for shibd and one for the web server filter/module. These are named and respectively.

To load the extension, each library must be added to the <Extensions> element in the <OutOfProcess> and <InProcess> elements like so (the example isn't complete, only the relevant parts are shown):

			<Library path="" fatal="true"/>
			<Library path="" fatal="true"/>
  • No labels