The following features can be enabled after we upgrade the Shibboleth IdP software on weblogin idpz servers to V4 (Currently it is V3). 

  1. Native OpenID Connect Support 
    The OpenID Connect plug-in for Shibboleth IdP is implemented by a third party. The source code has been moved to Shibboleth IdP repository. It is officially supported by Shibboleth IdP V4 and will become a built-in protocol for Shibboleth IdP V5. More information can be found on
  2. CSRF Protection
    The CSRF protection is controlled by a parameter in IdP’s property file. When this is turned on, all the user faced views of weblogin service will be protected. There will be a CSRF token on each view and any submissions back to the IdP will require an anti-CSRF token. More information can be found on
  3. Access Control Based on User’s Information
    This feature is to impose authorization rules at the IdP to work around the limitations of a service that either does not implement any authorization or does not provide an adequate user experience in the event of failure. For example, IdP can allow only staff/faculty members to access a particular service provider. More information can be found on