J meet K,
(Men in Black)
FMS AE asks the OS for the groups that are associated with the user's OD or AD authentication. It does not talk to the authentication servers. It only asks the OS to perform the OD or AD service. I doubt it makes any difference what the OS uses to talk to the Authentication service as long as it's BOUND correctly to that service and performs the authentication service as required.
That is kind of the mental model that I have developed about EA so far. You have a variety of blocks with things talking to each other in a chain, and it is up to each bit of the chain to handle its own part, but nothing else. Something like:
FM Client <=> FM Server <=> Server OS <=> AD Server
It is my impression that that last link (Server OS <=> AD Server) is where the SAML layer would come into play, and thus it would be unimportant or irrelevant to the FMClient <=> FM Server connection. AT LEAST, just so long as the Mac OS X 1.6.8 system can deal with SAML. Which I am uncertain about, and was hoping that someone could clarify.