Shibboleth IdP Upgrade from v3 to v4 - Expert Recommendations Needed !!

prasanna cg prasannacgin at
Mon Aug 3 21:38:43 UTC 2020

Hello Experts,

I am reaching out to get your recommendations for the Shibboleth IdP Upgrade that we are planning in our enterprise. 

Current State

Shibboleth IdP v 3.3.1
Platform: Ubuntu Release:18.04 / bionic
Container: Tomcat 8
Web Server: Apache 2.4
JDK: Oracle JDK 8 (Enterprise Licensed)
Running in v2 compatibility mode (Syntax / Namespace are not migrated)
Requirement: To upgrade Shibb IDP 3 to the latest version with an upgrade path that can be economical, quicker, least complex and  zero downtime as I have 300+ SAML 2.0 Integrations . 


I did read the documentation and understood that OpenJDK has limited support and Oracle JDK is not supported (though it will be tested).  However, Is it still advisable to consider using Oracle JDK 11 or OpenJDK 11 (from <>) with my IDP v4.0.1 ? Will there be any downside in using either of them ? 
Or do you experts strongly suggest using Amazon Corretto 11  / RHEL OpenJDK 11 ? 
If Amazon Corretto 11 is the most recommended, can I still use them with my existing Ubuntu ? I am trying to avoid (if possible) moving to a new parallel infrastructure. 

Upgrade Path :  I read the documentation and understood the suggested upgrade path will be from v3.3.1 (Get rid of Deprecations here) => Upgrade to v3.4.7 (or get rid of Deprecations here) => Upgrade to v4.0.1
As experts, which path do you suggest ?
From v3.3.1 first Upgrade to v3.4.7, Switch to v3 syntax / namespace and get rid of all deprecated warnings and do a upgrade to v4.0.1 [or]
In existing V3.3.1 Switch to v3 syntax/namespace,  get rid of all deprecated warnings and do a direct upgrade to v4.0.1  [or]
Stand-up a parallel / new installation of v4.0.1 (in a new server) and manually port all the custom configurations / files to v4.0.1 supported format

Please share your experience !

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list