From c1982fdb9f2dd363103ddd4c3b52a37c0b93ade5 Mon Sep 17 00:00:00 2001
From: Brock Roadhouse <brock.roadhouse@fabledsolutions.com>
Date: Tue, 14 Oct 2025 08:51:45 -0600
Subject: [PATCH] use config for authn context

---
 config/samlidp.php   | 4 +++-
 src/Jobs/SamlSso.php | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/config/samlidp.php b/config/samlidp.php
index 42de3ae..e16e2c8 100644
--- a/config/samlidp.php
+++ b/config/samlidp.php
@@ -37,8 +37,10 @@
     'encrypt_assertion' => true,
     // Make sure messages are signed
     'messages_signed' => true,
-    // Defind what digital algorithm you want to use
+    // Define what digital algorithm you want to use
     'digest_algorithm' => \RobRichards\XMLSecLibs\XMLSecurityDSig::SHA1,
+    // Auth Context to send with the assertion
+    'authn_context' => SamlConstants::NAME_ID_FORMAT_UNSPECIFIED,
     // list of all service providers
     'sp' => [
         // Base64 encoded ACS URL
diff --git a/src/Jobs/SamlSso.php b/src/Jobs/SamlSso.php
index bf12cf4..31f56e2 100644
--- a/src/Jobs/SamlSso.php
+++ b/src/Jobs/SamlSso.php
@@ -122,7 +122,7 @@ public function response()
                     ->setAuthnInstant(new \DateTime('-10 MINUTE'))
                     ->setSessionIndex(Helper::generateID())
                     ->setAuthnContext(
-                        (new AuthnContext)->setAuthnContextClassRef(SamlConstants::NAME_ID_FORMAT_UNSPECIFIED)
+                        (new AuthnContext)->setAuthnContextClassRef(config('samlidp.authn_context', SamlConstants::NAME_ID_FORMAT_UNSPECIFIED))
                     )
             );