https://wiki.shibboleth.net/confluence/display/DEV/SPRoadmap

NOTE: The shibboleth2.xml configuration format in this release
is fully compatible with the 2.x releases, but there are significant
new options available to simplify the majority of configurations.
A stripped down default configuration and a "full" example file are
- SAML 1.0, 1.1, 2.0 Single Sign-On
- Shibboleth 1.x request profile
- 1.x POST/Artifact profiles
- 2.0 HTTP-Redirect/POST/POST-SimpleSign/Artifact/PAOS bindings
- SAML 1.0, 1.1, 2.0 Attribute Query via Attribute Resolver plugin
- SAML 2.0 Single Logout
- HTTP-Redirect/POST/POST-SimpleSign/Artifact bindings
- Front and back-channel application notification of logout
- Race detection of late arriving assertions
- SAML 2.0 NameID Management (IdP-initiated only)
- HTTP-Redirect/POST/POST-SimpleSign/Artifact bindings
- Front and back-channel application notification of changes
- ADFS WS-Federation Support
- experimental support for SAML 2.0 assertions
- Shibboleth WAYF and SAML DS protocols for IdP Discovery
- Generates JSON feed of IdPs using UIInfo metadata extensions
- Bulk resolution via local file, or URL with local file backup
- Dynamic resolution and caching based on entityID or MDX
- Filtering based on whitelist, blacklist, or signature verification
- Support for enhanced PKI processing in transport and signature verification
- Metadata Generation Handler
- Generates and optionally signs SAML metadata based on SP configuration
- Reports on status and configuration of SP
- Dumps information about an active session
- Explicit key and PKIX engines via metadata, superset compatible with 1.3
- PKIX trust engine with static root list
- Configurable per-endpoint Security Policy rules
- Replay and freshness detection
- Simple "blob" signing
- TLS X.509 certificate authentication
- SAML condition handling, including delegation support
- Client transport authentication to SOAP endpoints via libcurl
- TLS X.509 client certificates
- Digest-Auth (untested)
- All incoming SAML 2 encrypted element types (Assertion, NameID, Attribute)
- Optional outgoing encryption of NameID in requests and responses
- Black/whitelisting of XML security algorithms (with xml-security 1.6+)
- RSA and ECDSA signatures (EC requires xml-security 1.6+ and support from openssl)
- Metadata-based algorithm selection
- Decoding and exporting SAML 1 and 2 attributes
- Value/scope pairs (legacy and value@scope syntaxes supported)
- XML to base64-encoded XML
- DOM to internal data structure
- KeyInfo-based data, including metadata-derived KeyDescriptors
- Metadata EntityAttributes extension "tags"
- Policy language compatible with IdP filtering, except that references
  only work within policy files, not across them
- Rules based on attribute issuer, requester, scope, and value, authentication
  method, based on exact string and regular expressions.
- Boolean functions supporting AND, OR, and NOT for use in composing rules
- Wildcard rules allowing all unspecified attributes through with no filtering
- Oversized header replaced with Shib-Assertion-Count and Shib-Assertion-NN headers
  containing local URL to fetch SAML assertion using HTTP GET
- Enhanced Spoofing Detection
- Detects and blocks client headers that would match known attribute headers
- Key-based mechanism to handle internal server redirection while maintaining protection
- ODBC Clustering Support
- Tested against a few different servers with various drivers
- RequestMap enhancements
- Regular expression matching for hosts and paths
- Query string parameter matching
- Error handling enhancements
- Reporting of SAML status errors
- Optional redirection to custom error handler
- Form POST data preservation
- Support on Apache for preserving URL-encoded form data across SSO
- Apache module enhancements
- "OR" coexistence with other authorization modules
- htaccess-based override of any valid RequestMap property
- htaccess support for external access control plugins
- samlsign for manual XML signing and verification
- mdquery for interrogating via metadata configuration
- resolvertest for exercising attribute extraction, filtering, and resolution