Supported Platforms and Versions

Deployers should be aware of the following platform/version requirements for V3:

Some older versions of Red Hat Enterprise Linux and CentOS ship with the GNU Java compiler and VM (gcj) by default. These are not usable with Shibboleth so you must install another JVM.

We have historically recommended the use of Oracle's "standard" JVM on all platforms. The OpenJDK implementation that ships with many Linux distributions is used by many deployers, but the community has off and on reported various problems that have frequently been traced to the use of OpenJDK, including memory leaks. You should expect that reports of unexplained problems may be met with a request to reproduce them on Oracle's JVM.

We test extensively on the "standard" OpenJDK build provided by Oracle, and given recent announcements by Oracle regarding their intent to begin charging for the Oracle JDK, we expect to move towards a more explicit recommendation regarding OpenJDK and the "supported" options for using it. We do not expect that this will include OS-specific versions provided by Red Hat or similar vendors.

Unusable Platforms and Versions

The following common configurations, and versions often in use with prior IdP versions, are specifically NOT usable with V3:

Alternative Java Implementations

While we support only the Oracle and OpenJDK Java implementations, it is possible in principle to use alternatives, but they will not in general be likely to work out of the box because the default configuration includes settings to secure the XML parser that is built into the Java reference implementation. At minimum, you will need to change or remove the "SecurityManager" implementation specified in system/conf/global.xml and you will be forced to take responsibility for the result of that change, which could introduce vulnerabilities (typically denial of service vectors) into the software.

An alternative SecurityManager class, if one exists, can be established by setting a idp.xml.securityManager property in conf/ or as a system property.