Derek Atkins
IHTFP Consulting, Inc
- derek@ihtfp.com
Scott Cantor
The Ohio State University
- cantor.2@osu.edu
Jim Fox
University of Washington
- fox@washington.edu
Walter Hoehn
The University of Memphis
- wassa@memphis.edu
Chad LaJoie
Itumi, LLC.
- lajoie@itumi.biz
Derek Morr
Penn State University
- dvm105@psu.edu
Will Norris
- will@willnorris.com
Brent Putman
Georgetown University
- putmanb@georgetown.edu
Rod Widdowson
Steading Software, Inc.
- rdw@steadingsoftware.com
Project Management
- RL "Bob" Morgan
- University of Washington
- rlmorgan@washington.edu
-
Steven Carmody
Brown University
- Steven_Carmody@brown.edu
+
+ Nicole Harris
+ TERENA
Ken Klingenstein
Internet2
- kjk@internet2.edu
+ Thomas Lenggenhager
+ SWITCH
+
+ RL "Bob" Morgan
+ University of Washington
+ http://shibboleth.net/community/news/20120717.html
Thanks to:
-Welcome to Internet2's Shibboleth
-
Shibboleth is a federated web authentication and attribute exchange system
-based on SAML developed by Internet2 and MACE.
+based on SAML, originally developed by Internet2 and now a product of the
+Shibboleth Consortium.
Please review the terms described in the LICENSE.txt file before using this
-code. It is now the Apache 2.0 license.
+code. It is the standard Apache 2.0 license.
A wealth of information about Shibboleth can be found at
-http://shibboleth.internet2.edu/
+http://shibboleth.net/
Shibboleth is divided into identity and service provider components, with the
-IdP in Java and the SP in C and C++.
+IdP in Java and the SP (this software) in C++.
Source and binary distributions are available from
-http://www.shibboleth.net/downloads/
+http://shibboleth.net/downloads/
-SVN is available for anonymous access, as described at the Shibboleth
+The source is available in Subversion, as described in the Shibboleth
site. Mailing lists and a bug database (https://issues.shibboleth.net/) are
-also available. Not all of the lists are open, but a general support list is
-available and is open.
+also available.
-For basic information on building from source, installing binaries, and deploying
+For basic information on building from source, using binaries, and deploying
Shibboleth, refer to the web site and Wiki for the latest documentation.
-Release Notes
+Shibboleth Native SP Release Notes
-Shibboleth Native SP
+---------------------------------------------------------------------
+This release is dedicated to our friend RL 'Bob' Morgan, who passed
+in 2012, and without which the Shibboleth Project would not have come
+into being.
-Fix/enhancement lists:
+http://shibboleth.net/community/news/20120717.html
+---------------------------------------------------------------------
+
+Fix/Enhancement Lists:
https://wiki.shibboleth.net/confluence/display/DEV/SPRoadmap
+Important Changes:
+https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPConfigurationChanges
+
+Feature Highlights:
+https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPInterestingFeatures
+
NOTE: The shibboleth2.xml configuration format in this release
is fully compatible with the 2.x releases, but there are significant
new options available to simplify the majority of configurations.
- General Security
- Black/whitelisting of XML security algorithms (with xml-security 1.6+)
- RSA and ECDSA signatures (EC requires xml-security 1.6+ and support from openssl)
+ - AES-GCM encryption (requires xml-security 1.7+ and support from openssl)
- Metadata-based algorithm selection
- Attributes
- Support on Apache for preserving URL-encoded form data across SSO
- Apache module enhancements
- - "OR" coexistence with other authorization modules
+ - Apache 2.4 support including authz
+ - "OR" coexistence with other authz modules on older Apache
- htaccess-based override of any valid RequestMap property
- htaccess support for external access control plugins