7 Fully Supported (no major changes planned prior to stable release)
9 - SAML 1.0, 1.1, 2.0 Single Sign-On
10 - Shibboleth 1.x request profile
11 - 1.x POST/Artifact profiles
12 - 2.0 HTTP-Redirect/POST/POST-SimpleSign/Artifact bindings
14 - SAML 1.0, 1.1, 2.0 Attribute Query via Attribute Resolver plugin
17 - SAML 2.0 Single Logout
18 - HTTP-Redirect/POST/POST-SimpleSign/Artifact bindings
19 - Front and back-channel application notification of logout
20 - Race detection of late arriving assertions
22 - ADFS WS-Federation Support
25 - Shibboleth WAYF and SAML DS protocols for IdP Discovery
28 - Bulk resolution via local file, or URL with local file backup
29 - Dynamic resolution and caching based on entityID
30 - Filtering based on whitelist, blacklist, or signature verification
33 - Explicit key and PKIX engines via metadata, superset compatible with 1.3
34 - PKIX trust engine with static root list
36 - Configurable per-endpoint Security Policy rules
37 - Replay and freshness detection
39 - Simple "blob" signing
40 - TLS X.509 certificate authentication
42 - Client transport authentication to SOAP endpoints
43 - TLS X.509 client certificates
49 - All incoming SAML 2 encrypted element types (Assertion, NameID, Attribute)
50 - Optional outgoing encryption of NameID in requests and responses
53 - Decoding and exporting SAML 1 and 2 attributes
55 - Value/scope pairs (legacy and value@scope syntaxes supported)
59 - Policy language compatible with IdP filtering, except that references
60 only work within policy files, not across them
61 - Rules based on, attribute issuer, requester, scope, and value, authentication
62 method, based on exact string and regular expressions.
63 - Boolean functions supporting AND, OR, and NOT for use in composing rules
64 - Wildcard rules allowing all unspecified attributes through with no filtering
67 - Oversized header replaced with Shib-Assertion-Count and Shib-Assertion-NN headers
68 containing local URL to fetch SAML assertion using HTTP GET
70 - Enhanced Spoofing Detection
71 - Detects and blocks client headers that would match known attribute headers
73 - ODBC Clustering Support
74 - Only tested against Microsoft SQL Server using MS and FreeDTS ODBC drivers
76 - RequestMap enhancements
77 - Regular expression matching for hosts and paths
78 - Query string parameter matching
80 - Error handling enhancements
81 - Reporting of SAML status errors
82 - Optional redirection to custom error handler
84 - Apache module enhancements
85 - "OR" coexistence with other authorization modules
86 - htaccess-based override of any valid RequestMap property
89 - samlsign for manual XML signing and verification
90 - mdquery for interrogating via metadata configuration
91 - resolvertest for exercising attribute extraction, filtering, and resolution
99 - Embedded discovery UI
100 - Upgrade installations on Windows
101 - Migrating 1.3 configuration files