...
The file includes an example of how to define such rules. Each bean contains a property to set with a map of values that might be requested and a corresponding list of values that should satisfy the request. Those values are attached to AuthenticationFlowDescriptor beans in authn/general-authn.xml via the supportedPrincipals
property.
(V3.2+ only) Lastly, a bean called shibboleth.IgnoreContexts can be defined to identify specific AuthnContextClassRef or AuthnContextDeclRef values to ignore if found in a SAML 2 <RequestedAuthnContext>
element. By default this consists of a single value, urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
, which was ignored in V2.