Internet2 har släppt Shibboleth IDP 3.0
– consent and post-login attribute checking for broken apps like Google
– built-in client-side sessions for those wise enough to give up on single logout
– built-in memcache and Hibernate session options
– native LDAP, Kerberos, and X.509 authentication along with JAAS
– reuse of a single login config for browser and ECP clients
– arbitrary classification of relying parties into categories using pluggable conditions
– support for all SAML authn context comparison types
– multi-tab login support, assuming webflow works as advertised
– support for on-demand metadata lookup
– a CAS server implementation built by a CAS developer who’s joined the project
– direct configuration of NameID generation instead of indirectly using attribute config
– GCM encryption for SPs that support it
– per-RP and metadata-based algorithm selection
– decryption support for Encrypted NameIDs in a request
http://shibboleth.net/pipermail/announce/2014-December/000092.html
Magnus Hübner