Adds configuration directive for RequestedAuthnContext #806

Closes #806

Author: pandafy

src/saml2/config.py

@@ -104,6 +104,7 @@
     "sp_type",
     "sp_type_in_metadata",
     "requested_attributes",
+    "requested_authn_context",
 ]
 
 AA_IDP_ARGS = [

tests/test_31_config.py

@@ -7,7 +7,8 @@
 
 from saml2 import BINDING_HTTP_REDIRECT, BINDING_SOAP, BINDING_HTTP_POST
 from saml2.config import SPConfig, IdPConfig, Config
-
+from saml2.saml import AUTHN_PASSWORD_PROTECTED, AuthnContextClassRef
+from saml2.samlp import RequestedAuthnContext
 from saml2 import logger
 
 from pathutils import dotname, full_path
@@ -26,8 +27,14 @@
                 "urn:mace:example.com:saml:roland:idp": {
                     'single_sign_on_service':
                         {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect':
-                             'http://localhost:8088/sso/'}},
-            }
+                            'http://localhost:8088/sso/'}},
+            },
+            "requested_authn_context": RequestedAuthnContext(
+                    authn_context_class_ref=[
+                        AuthnContextClassRef(AUTHN_PASSWORD_PROTECTED),
+                    ],
+                    comparison="exact",
+                ),
         }
     },
     "key_file": full_path("test.key"),
@@ -217,6 +224,12 @@ def test_1():
                                              'http://localhost:8088/sso/'}}]
 
     assert c.only_use_keys_in_metadata
+    assert c._sp_requested_authn_context.to_string().decode() == (
+        '<ns0:RequestedAuthnContext xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" '
+        'xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion" Comparison="exact">'
+        '<ns1:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:'
+        'PasswordProtectedTransport</ns1:AuthnContextClassRef></ns0:RequestedAuthnContext>'
+    )
 
 
 def test_2():