From d4199a5ab3cfb433fdf59d409b6388251324f3c9 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Thu, 25 Nov 2010 12:57:00 +0000
Subject: [PATCH] saml:IdP: Allow AuthnContextClassRef to be set by processing
 filters.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2656 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/saml/lib/IdP/SAML2.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/modules/saml/lib/IdP/SAML2.php b/modules/saml/lib/IdP/SAML2.php
index 2eb5e2fee..85050b4b4 100644
--- a/modules/saml/lib/IdP/SAML2.php
+++ b/modules/saml/lib/IdP/SAML2.php
@@ -563,7 +563,11 @@ class sspmod_saml_IdP_SAML2 {
 		}
 		$a->setNotOnOrAfter(time() + $assertionLifetime);
 
-		$a->setAuthnContext(SAML2_Const::AC_PASSWORD);
+		if (isset($state['saml:AuthnContextClassRef'])) {
+			$a->setAuthnContext($state['saml:AuthnContextClassRef']);
+		} else {
+			$a->setAuthnContext(SAML2_Const::AC_PASSWORD);
+		}
 
 		if (isset($state['AuthnInstant'])) {
 			$a->setAuthnInstant($state['AuthnInstant']);
-- 
GitLab