@@ -225,11 +225,11 @@ def disco_query(self, context):
225225 )
226226 return SeeOther (loc )
227227
228- def construct_requested_authn_context (self , entity_id ):
229- if not self . acr_mapping :
230- return None
231-
232- acr_entry = util . get_dict_defaults ( self . acr_mapping , entity_id )
228+ def construct_requested_authn_context (self , entity_id , * , target_accr = None ):
229+ acr_entry = (
230+ target_accr
231+ or util . get_dict_defaults ( self . acr_mapping or {}, entity_id )
232+ )
233233 if not acr_entry :
234234 return None
235235
@@ -241,7 +241,9 @@ def construct_requested_authn_context(self, entity_id):
241241
242242 authn_context = requested_authn_context (
243243 acr_entry ['class_ref' ], comparison = acr_entry .get (
244- 'comparison' , self .VALUE_ACR_COMPARISON_DEFAULT ))
244+ 'comparison' , self .VALUE_ACR_COMPARISON_DEFAULT
245+ )
246+ )
245247
246248 return authn_context
247249
@@ -271,7 +273,8 @@ def authn_request(self, context, entity_id):
271273 raise SATOSAAuthenticationError (context .state , "Selected IdP is blacklisted for this backend" )
272274
273275 kwargs = {}
274- authn_context = self .construct_requested_authn_context (entity_id )
276+ target_accr = context .state .get (Context .KEY_TARGET_AUTHN_CONTEXT_CLASS_REF )
277+ authn_context = self .construct_requested_authn_context (entity_id , target_accr = target_accr )
275278 if authn_context :
276279 kwargs ["requested_authn_context" ] = authn_context
277280 if self .config .get (SAMLBackend .KEY_MIRROR_FORCE_AUTHN ):
0 commit comments