Environment
Novell Access Management 3.1
Novell Access Management 3.1 Support Pack 3 applied
Novell Access Management 3.1 Support Pack 3 applied
Situation
When sending SAML2 authentication responses to other SPs, if we use Kerberos to
authenticate the user then we should use the standards-defined name rather than
Novell making up their own.
It should be:
<saml:AuthnContextClassRef>
urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos</saml:AuthnContextClassRef>
NOT
<saml:AuthnContextClassRef>SPNEGO/Kerberos</saml:AuthnContextClassRef>
Resolution
Reported to engineering