<?xml version="1.0"?>
<samlp:AuthnRequest
	xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
	ID="{{ ECP_REQUEST_ID }}" Version="2.0"
	IssueInstant="{{ ECP_REQUEST_INSTANT }}"
	ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
	AssertionConsumerServiceURL="{{ &REDIRECT_CALLBACK_URL }}"
	Destination="https://{{ &IDP_HOST }}{{ &IDP_PATH }}">

	<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
		{{ &ECP_SP_ID }}
	</saml:Issuer>

	<samlp:NameIDPolicy
		xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
		Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
		AllowCreate="true"/>

	<samlp:RequestedAuthnContext
		xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Comparison="exact">
		<saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
			urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
		</saml:AuthnContextClassRef>
	</samlp:RequestedAuthnContext>

</samlp:AuthnRequest>