From 1df752d4b2cb1c690a86d35290f9bc67da80d217 Mon Sep 17 00:00:00 2001
From: Nick O'Leary
Date: Tue, 27 Feb 2024 14:40:47 +0000
Subject: [PATCH] Set disableRequestedAuthnContext in SAML strategy
---
 forge/ee/routes/sso/auth.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/forge/ee/routes/sso/auth.js b/forge/ee/routes/sso/auth.js
index 3f5cea65c5..fcaf7296ad 100644
--- a/forge/ee/routes/sso/auth.js
+++ b/forge/ee/routes/sso/auth.js
@@ -34,6 +34,7 @@ module.exports = fp(async function (app, opts) {
 fastifyPassport.use(new MultiSamlStrategy({
 passReqToCallback: true, // makes req available in callback,
+ disableRequestedAuthnContext: true, // Helps make things work with Entra
 wantAssertionsSigned: false, // TODO: allow this to be set per provider
 async getSamlOptions (request, done) {
 if (request.body?.RelayState) {
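Review bot: The added `disableRequestedAuthnContext: true` sits in the strategy-wide options, so it stops the AuthnRequest from carrying a RequestedAuthnContext for every configured SAML provider, not only Entra, and the inline comment does not record that trade-off. A more precise comment would be `// Omit RequestedAuthnContext from AuthnRequests for all providers; needed for Entra logins`. With the element omitted, the service provider no longer states any required authentication class, so a deployment that needs a particular method (for example MFA) has to enforce it in the IdP's own policy. If per-provider control is wanted, the option could presumably be returned from `getSamlOptions` instead, in line with the existing TODO on `wantAssertionsSigned`. The `MultiSamlStrategy` call and `getSamlOptions` continue outside this hunk, so whether per-provider options already override this value cannot be confirmed from here.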