Shibboleth Implemented Protocols and Profiles

Below is a list of the protocols and profiles supported by the latest Shibboleth products.

Identity and Service Provider

Protocol/Profile

Identity Provider

Native Service Provider

SAML 1.x

 

 

  • SSO Profile

YES

YES

  • Shibboleth SSO Request Profile

YES

YES

  • Attribute Query

YES 4

YES 1

  • Artifact Resolution

YES

YES

SAML 2.0

 

 

  • SSO

YES 3

YES

  • Attribute Query

YES 4

YES 1

  • Artifact Resolution

YES

YES

  • Enhanced Client

YES 5

YES

  • Single Logout

NO
(back channel support planned)

YES

  • Name ID management

NO

YES 2

  • Name ID mapping

NO

NO

WS-Federation Passive (ADFS)

NO

YES
(included with SP, but not enabled by default)

US eAuth v1

NO

YES
(via SAML 1.0 artifact support)

WS-Trust 1.3

NO

NO

OpenID 1

NO

NO

OpenID 2

NO

NO

OAuth

NO

NO

1 Implemented as part of SSO profile support, not currently exposed separately.
2 Implemented only in the form of application notification hooks for IdP-initiated protocol. SP-initiated not supported.
3 HTTP-Artifact binding only supported outbound to SP, not inbound.
4 Implemented to rely on SPSSODescriptor role in metadata, no support for query extension role as yet.
5 The basic variant is in the core since IdP 2.3. The delegated variant requires an extension. See ECP for details.

Discovery Services

Protocol/Profile

Centralized DS

Embedded DS

Shib 1 Discovery (WAYF) Protocol

YES

NO

SAML 2 Discovery Service Protocol

YES

YES