How Shibboleth Works: Profiles and Bindings

How Shibboleth Works: Profiles and Bindings

Profiles

The SAML specification is comprised of several documents:

The Core document defines all the various XML elements and attributes and lays down some basic rules about their content (e.g. attribute X must be a positive number). The Core document is similar to a dictionary in that it defines words but doesn’t specify how to put them together to create something meaningful.

The Profiles document describes how to perform a specific function (e.g. perform a Single Sign-on request) with the elements defined in the Core document. It essentially provides the rules of grammar.

Profiles are the unit of interoperability within SAML (and by extension Shibboleth), which means that products should interoperate if they support a given profile. The list of profiles supported by Shibboleth can be found here.

Bindings

Bindings are mentioned in connection with metadata and certain configuration files and are used by the SAML protocol to define how the various software components transport messages to recipients. These include the POST binding that defines how to use an HTTP POST request to send a message, how to format the message, and the name of the POST parameter that contains the message. The Redirect binding defines how to deliver a message by placing it within the URL of an HTTP redirect request.