We have configured a new trust relationship, with Databricks. IDP initiated login is working perfectly, but SP initiated is not because they are sending <RequestedAuthnContext> in AuthnRequest: <samlp:RequestedAuthnContext Comparison="exact"> <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef> </samlp:RequestedAuthnContext> This is making oxauth fails to authenticate throwing this an AcrChangedException exception: Acr is changed. Session acr: casa(level: 69), current acr: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport(level: null) ACR is changed, please provide a supported and enabled acr value Is it possible to set something to ignore this RequestedAuthnContext in SP AuthnRequest? Thanks in advance.