CAF – Recommended IdP Software

Any software that supports SAML2 can be used in Federated Identity Management (FIM). The prevalent installation choice is Shibboleth, which is also CANARIE’s chosen base for the reference FIM implementation due to feature robustness, security, and maintainability.

Other software may be used but may require sites to perform extra steps or bear increased security risks that the Shibboleth software already provides by design.

Software that supports validated multi-lateral SAML2 aggregates can be used in FIMS. Shibboleth is CANARIE’s reference for FIMS implementation due to its robust feature options, security, and maintainability.

ADFS with ADFSToolkit is also a supported solution path. Other software can be used but may require extra steps or security considerations that the Shibboleth software does not. Please refer to the illustration below for CANARIE’s supported and endorsed platforms:

You can find the installation guide for Shibboleth here and the ADFSToolkit v2 here.

Considering an approach other than Shibboleth or ADFS?  

We’re here to help. Contact us at and we can help you find the best solution for your organization.

Comparing SAML2 Identity Provider Solutions

Organizations using something other than Shibboleth as their Identity Provider should take into consideration the differences they may encounter and how they should respond to the differences in features supported, such that they remain in compliance with federation policies