Shibboleth allows users to securely send trusted information about themselves to remote resources. This information may then be used for authentication, authorization, content personalization, and enabling single sign-on across a broad range of services from many different providers.

Identity Provider(IdP) V2 is now unsupported (as is the Centralized Discovery Service product). The V3 Identity Provider software, which should be used instead, has its own documentation space.

The current stable release of the Service Provider(SP) is 2.6.1. There are no previous stable releases at this time. SP V2 is fully interoperable with all releases of the Shibboleth IdP software.

The minimum safe release of the SP is v2.6.1 in conjunction with the latest library updates. If you are running versions prior to these, you should upgrade immediately or take steps to protect your system by reviewing the advisories. In all cases, there may be important security issues affecting any versions other than the latest ones and you should always review the advisories to ensure you understand whether your particular system might be affected.

All software, including archived releases, is available from and each release is accompanied by a detached PGP signature using one of the keys listed in the project's KEYS file.  High-level information to get started with SAML and Shibboleth can be found in the Concepts wiki space.

All our software is licensed under the Apache 2.0 open source software license.

All deployers should make sure to subscribe to to the announce mailing list to be sure of seeing important security announcements.

Software Concepts
Security Advisories

Mailing Lists
Enabled Applications and Services
Demonstration Sites
Contributions and Extensions

Project Planning
Bug Reports / Issue Tracking
Accessing & Building the Source Code
Technical Specifications
Development Documentation