...
The file includes an example of how to define such rules. Each bean contains a property to set with a map of values that might be requested and a corresponding list of values that should satisfy the request. Those values are attached to AuthenticationFlowDescriptor beans in authn/general-authn.xml via the supportedPrincipals property.
(V3.2+ only) Lastly, a bean called shibboleth.IgnoreContexts can be defined to identify specific AuthnContextClassRef or AuthnContextDeclRef values to ignore if found in a SAML 2 <RequestedAuthnContext> element. By default this consists of a single value, urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified, which was ignored in V2.