Problem with SPNEGO after successfully kerberos auth

[Cantor, Scott]

> Scott, thanks.
> I understand now why the IdP is doing the right thing. I have access to
> configure the SP in the right way. The SP is using python-saml and in the conf
> I found this:

If that's Roland's code, and that's the default, it's probably worth suggesting that he change that.

> So, I will try setting requestedAuthnContext to false and try again. The
> metadata should stop to ask for urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

It's not in any metadata, it's the actual request from the SP.

-- Scott