7 Fully Supported (no major changes planned prior to stable release)
9 - SAML 1.0, 1.1, 2.0 Single Sign-On
10 - Shibboleth 1.x request profile
11 - 1.x POST/Artifact profiles
12 - 2.0 HTTP-Redirect/POST/POST-SimpleSign/Artifact bindings
14 - SAML 1.0, 1.1, 2.0 Attribute Query via Attribute Resolver plugin
17 - Shibboleth WAYF and SAML DS protocols for IdP Discovery
20 - Bulk resolution via local file, or URL with local file backup
21 - Filtering based on whitelist, blacklist, or signature verification
24 - Explicit key via metadata and PKIX engines, superset compatible with 1.3
26 - Configurable per-endpoint Security Policy rules
27 - SAML 1/2 message processing
28 - Replay and freshness detection
30 - Simple "blob" signing
31 - TLS client certificates
33 - Client transport authentication to SOAP endpoints
34 - TLS client certificates
40 - All incoming SAML 2 encrypted element types (Assertion, NameID, Attribute)
41 - Optional outgoing encryption of NameID in requests and responses
44 - Decoding and exporting SAML 1 and 2 attributes
46 - Value/scope pairs (legacy and value@scope syntaxes supported)
50 - Policy language compatible with IdP filtering, except that references
51 only work within policy files, not across them
52 - Rules based on, attribute issuer, requester, scope, and value, authentication
53 method, based on exact string and regular expressions.
54 - Boolean functions supporting AND, OR, and NOT for use in composing rules
55 - Wildcard rules allowing all unspecified attributes through with no filtering
58 - Oversized header replaced with Shib-Assertion-Count and Shib-Assertion-NN headers
59 containing local URL to fetch SAML assertion using HTTP GET
61 - Enhanced Spoofing Detection
62 - Detects and blocks client headers that would match known attribute headers
64 - ODBC Clustering Support
65 - Only tested against Microsoft SQL Server using MS and FreeDTS ODBC drivers
69 Partially Supported (lightly or untested, probably contain bugs, may change significantly)
71 - SAML 2.0 Single Logout and Local-Only Logout
72 - Full support implemented but untested and unlikely to work
73 - Race detection to prevent late arriving assertions not yet implemented
74 - Front channel application notification implemented but intested
75 - Back channel application notification not yet implemented
81 - ADFS / WS-Federation Support
82 - Upgrade installations on Windows
83 - Migrating 1.3 configuration files