Currently the SpnegoAuthenticationMechanism caches against the connection scope and uses the cached GssContext to recreate the identity.
We should consider the following: -
- Using the same cached identity mechanism as is used by FORM authentication.
- Adding configuration to specify which scope to cache against.
- Add an option to disable caching entirely, this would need to take into account cases where continuation is required as that would become unsupported.