7 NOTE: The shibboleth2.xml configuration format in this release
8 is compatible with the RC1 release. Upgrading from earlier
9 releases is NOT supported without replacing the configuration
10 file and reapplying changes.
14 - SAML 1.0, 1.1, 2.0 Single Sign-On
15 - Shibboleth 1.x request profile
16 - 1.x POST/Artifact profiles
17 - 2.0 HTTP-Redirect/POST/POST-SimpleSign/Artifact/PAOS bindings
19 - SAML 1.0, 1.1, 2.0 Attribute Query via Attribute Resolver plugin
22 - SAML 2.0 Single Logout
23 - HTTP-Redirect/POST/POST-SimpleSign/Artifact bindings
24 - Front and back-channel application notification of logout
25 - Race detection of late arriving assertions
27 - SAML 2.0 NameID Management (IdP-initiated only)
28 - HTTP-Redirect/POST/POST-SimpleSign/Artifact bindings
29 - Front and back-channel application notification of changes
31 - ADFS WS-Federation Support
33 - experimental support for SAML 2.0 assertions
35 - Shibboleth WAYF and SAML DS protocols for IdP Discovery
38 - Bulk resolution via local file, or URL with local file backup
39 - Dynamic resolution and caching based on entityID
40 - Filtering based on whitelist, blacklist, or signature verification
42 - Metadata Generation Handler
43 - Generates and optionally signs SAML metadata based on SP configuration
46 - Reports on status and configuration of SP
49 - Dumps information about an active session
52 - Explicit key and PKIX engines via metadata, superset compatible with 1.3
53 - PKIX trust engine with static root list
55 - Configurable per-endpoint Security Policy rules
56 - Replay and freshness detection
58 - Simple "blob" signing
59 - TLS X.509 certificate authentication
61 - Client transport authentication to SOAP endpoints via libcurl
62 - TLS X.509 client certificates
64 - Digest-Auth (untested)
68 - All incoming SAML 2 encrypted element types (Assertion, NameID, Attribute)
69 - Optional outgoing encryption of NameID in requests and responses
72 - Decoding and exporting SAML 1 and 2 attributes
74 - Value/scope pairs (legacy and value@scope syntaxes supported)
78 - Policy language compatible with IdP filtering, except that references
79 only work within policy files, not across them
80 - Rules based on, attribute issuer, requester, scope, and value, authentication
81 method, based on exact string and regular expressions.
82 - Boolean functions supporting AND, OR, and NOT for use in composing rules
83 - Wildcard rules allowing all unspecified attributes through with no filtering
86 - Oversized header replaced with Shib-Assertion-Count and Shib-Assertion-NN headers
87 containing local URL to fetch SAML assertion using HTTP GET
89 - Enhanced Spoofing Detection
90 - Detects and blocks client headers that would match known attribute headers
91 - Does not support Apache mod_rewrite, but can be disabled when necessary
93 - ODBC Clustering Support
94 - Tested against a few different servers with various drivers
96 - RequestMap enhancements
97 - Regular expression matching for hosts and paths
98 - Query string parameter matching
100 - Error handling enhancements
101 - Reporting of SAML status errors
102 - Optional redirection to custom error handler
104 - Apache module enhancements
105 - "OR" coexistence with other authorization modules
106 - htaccess-based override of any valid RequestMap property
109 - samlsign for manual XML signing and verification
110 - mdquery for interrogating via metadata configuration
111 - resolvertest for exercising attribute extraction, filtering, and resolution
113 - Migrating 1.3 core configuration file
114 - Stylesheet can handle some common options