As development proceeds, we will enumerate features that are removed (or expected to be) along with any expected workarounds. While these are not considered “official” removals until we’re closer to an alpha stage, anything listed here is pretty likely to stay “gone”.
SAML AuthnContextDeclRef Support
The old session objects contained a SAML 2.0 AuthnContextDeclRef if one was used in place of a class reference in the assertion. DeclRefs are virtually unused and are SAML-specific and hard to “abstract” into a more general representation. This also extends to removal of the dedicated authorization rule support in both XML syntax and Apache.
Workaround
The “claims/attributes” mapping features should be substantial enough such that the hub can extract a DeclRef into an attribute that could be mapped to any desired name (such as the old name used in the standard exported variable set). The authorization rules can be adjusted to check for an attribute/value.