The Shibboleth team is pleased to announce Release 2.0 of the Shibboleth system software.

v2.0 is a major new release that significantly improves interoperability, functionality, and manageability. It also provides more options for deployment while simplifying the installation process. A list of major new features can can be found below.

Shibboleth 2.0 now becomes the "current stable release". Shibboleth v1.3.x moves from "current stable release" to "previous stable release". On May 19, 2008, which is 60 days after the release of Shibboleth 2.0, Shibboleth v1.2.x moves from "previous stable release" to unsupported.

Documentation is available on our wiki. As a major new release, the Identity Provider features a revised configuration structure with a new installation process. There is no direct migration of older installations. The Service Provider includes significant new functionality but the primary configuration files are similar to those used with the previous release.

Binary packages are available for Windows, Solaris 8 and 10, Mac OS X, and Red Hat Enterprise Linux 4 and 5. The IdP implementation is entirely in Java, so there is one package for all platforms. It has been tested with Sun Java 1.5 and 1.6, and the Apache and JBoss servlet containers.

Source, binaries, and some dependencies are available from the downloads directory

Older releases and dependencies can be found in the archive directory for each component.

Shibboleth is an open source project, and we do not guarantee support. Commercial support of Shibboleth is available from several vendors.

However, if you encounter problems, you can join the shibboleth-users mailing list, and post a description of your problem. Members of the global Shibboleth community support each other using that email list.

If you discover a bug, please post it to our Jira-based issue repository. Bugs can be posted against Shibboleth IdP 2 - Java, Shibboleth SP - C++ , and Shibboleth Discovery Service - Java

Lastly, a BIG thank you to the many people who helped us test this version, and improve the quality of the overall package, the install process, and the documentation.

We expect that over the coming months the federations where Shibboleth is used will announce support for this new release and SAML 2 endpoints in their federation metadata. Please check with your federation for detailed information on their plans.

• Interoperability
  1. Improved interoperability with commercial and open source federation solutions.
  2. Support for SAML 2.0 and SAML 1.1. Fully backward compatible with Shibboleth 1.3. Some interoperability testing has been done between a Shibboleth v1.2 IdP and a 2.0 SP. That minimal testing has been successful; however, 1.2 is no longer supported, and no guarantees are offered.
  3. New default behavior eliminates callbacks and extra firewall/SSL configuration for SAML 2.0 deployments. Note that few Service Providers are currently ready to support this mode.
• Manageability
  1. Improved support for managing metadata, including real-time download and caching, and generation of provider metadata from configuration.
  2. Flexible new attribute release and acceptance policy engines with shared syntax.
  3. Integration with most major identity stores, including Microsoft Active Directory, Kerberos, LDAP-compliant directory services, and JDBC-compliant databases.
  4. Improved backend support in the IdP for persistent opaque identifiers to facilitate privacy-preserving access to services.
  5. The IdP can reload almost all configuration files within a running system.
  6. The IdP now maintains separate Access and Audit logs.
• Functionality
  1. Encryption of user data between providers, even without callbacks.
  2. Optional authentication support available in the IdP via JAAS.
  3. Extensive clustering support for both the IdP and the SP.
  4. A new Discovery Service implementation compliant with the OASIS SAML Discovery Service protocol, supporting multi-protocol federation deployments. SPs who are members of multiple federations are strongly encouraged to investigate this new component.
  5. FastCGI support within the SP.
  6. Stable and documented APIs for extending a variety of IdP and SP functionality.
• More options for deployment
  1. Support for a Tomcat-only deploy of the IdP. This is now the easiest and most straightforward way to learn about the Shibboleth software. Sites should evaluate the suitability of this configuration for production use.
  2. The IdP component will run in the Apache and JBoss servlet containers, on most OS platforms.
  3. Much simplified installation process for testing and evaluating both the IdP and SP components.
  4. SP Packages will be provided for all major platforms, including widely used Linux distributions, Solaris, Windows, and Mac.