I'm trying to get a Shibboleth SP 2.4.3 working and talking to a Novell
Access Manager 3.1.4 IDP.

To do this I've set up the Shibboleth SP side of things and can see
imported metadata etc. I can see that when I access the /secure resource
via the SP, it starts the process but has issues with the NAM IDP Metadata.

dispatching message (default/Login::run::SAML2SI)
2012-09-24 20:40:50 INFO Shibboleth.SessionInitiator.SAML2 [1]: unable
to locate SAML 2.0 identity provider role for provider
(https://idp.xxx.com/nidp/saml/metadata)

Leads me to believe the NAM IDP Metadata is screwy, so looking at that I
see (as a snippet) -

<md:IDPSSODescriptor ID="id-CRd71.mwwwCOjc65XWDmkyWvEc"
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.0:protocol urn:oasis:names:tc:SAML:1.1:protocol">
  <md:KeyDescriptor use="signing">
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Data>
        <ds:X509Certificate>cert data removed from here before posting</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
  </md:KeyDescriptor>
  <md:KeyDescriptor use="encryption">
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Data>
        <ds:X509Certificate>cert data removed from here before posting</ds:X509Certificate>
      </ds:X509Data>
    </ds:KeyInfo>
    <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
  </md:KeyDescriptor>
  <md:ArtifactResolutionService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
      Location="https://idp.xxx.com/nidp/saml/soap" index="0" isDefault="true" />
  <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
  <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
  <md:SingleSignOnService
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://idp.xxx.com/nidp/saml/sso" />
</md:IDPSSODescriptor>

Ignoring that it's not the whole metadata, the protocolSupportEnumeration
portion looks wrong as it only states SAML1.

SAML2 is configured in the IDP and SAML1 is not configured.

Has anyone got NAM 3.1.4 working with a Shibboleth 2.4.X SP or has
anyone got any ideas why the protocolSupport in the NAM metadata looks
wrong?
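
The symptom described in the post, as an added example that is not part of the original post: a Python check that lists the protocols each IDPSSODescriptor advertises in protocolSupportEnumeration and flags a role that lists SAML 2.0 bindings without declaring urn:oasis:names:tc:SAML:2.0:protocol. The sample metadata, the idp.example.org host, the function names and the status strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
SAML20P = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML2_BINDING_PREFIX = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample shaped like the snippet in the post (host is a placeholder).
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.org/nidp/saml/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.0:protocol urn:oasis:names:tc:SAML:1.1:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.org/nidp/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def idp_roles(metadata_xml):
    """Yield (entityID, protocols, SSO bindings) for every IDPSSODescriptor."""
    # Assumes a local, already-trusted copy of the metadata; use a hardened
    # parser for documents fetched from another party.
    root = ET.fromstring(metadata_xml)
    # iter() includes the root, so this handles EntityDescriptor and EntitiesDescriptor.
    for entity in root.iter(MD + "EntityDescriptor"):
        for role in entity.findall(MD + "IDPSSODescriptor"):
            protocols = set(role.get("protocolSupportEnumeration", "").split())
            bindings = [s.get("Binding", "") for s in role.findall(MD + "SingleSignOnService")]
            yield entity.get("entityID"), protocols, bindings


def diagnose(metadata_xml):
    """Classify each IdP role by whether it declares SAML 2.0 protocol support."""
    findings = []
    for entity_id, protocols, bindings in idp_roles(metadata_xml):
        if SAML20P in protocols:
            status = "ok"
        elif any(b.startswith(SAML2_BINDING_PREFIX) for b in bindings):
            # SAML 2.0 endpoints are listed, but the role does not declare the protocol.
            status = "saml2-bindings-without-saml2-protocol"
        else:
            status = "no-saml2-role"
        findings.append((entity_id, status, sorted(protocols)))
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE):
        print(finding)
```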