I am trying to put this proxy solution in place in order to provide support for the REFEDS MFA profile. Here is what I want to implement:
1. SP sends Auth Req to Satosa front end with REFEDS MFA profile ACR
2. Satosa makes a routing decision based on existence (or not) of the MFA profile in the request
3. If MFA profile exists, forward requests to IDP 1. Otherwise, route to IDP 2.
4a. Routing to IDP 1 for MFA makes an assumption that MFA was performed and then inserts the MFA profile into the returned SAML response
4b. Routing to IDP 2 for non-MFA makes an assumption that MFA was NOT performed and does not modify the response
5. The Satosa front end returns the assertion to the SAML SP
I'd like this routing to be dynamic, based only on the existence of the MFA profile in the request, without having to maintain a static mapping of SP entity IDs.
Reviewing the code, it seems like this might be possible in the DecideBackendByRequester micro service; however, the functionality there is based on a static lookup table of entity IDs.
Dynamic routing might be possible with a similar approach if one is able to obtain the ACR from the request context decorators. Is the ACR information added to the request decorator (internal_data) when the inbound request is processed?
Does this seem like a reasonable approach to the problem?
Thanks,
Jim
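The routing and response-stamping described in steps 2 through 4 above, as an added example that is not part of the original post or of the SATOSA project: a request micro service picks the backend from the requested ACR alone, and a response micro service inserts the REFEDS MFA ACR only for assertions that came back through the MFA backend. It assumes SATOSA exposes the requested AuthnContextClassRef via `context.get_decoration(Context.KEY_AUTHN_CONTEXT_CLASS_REF)` and that `context.target_backend` still names the backend on the response leg; the `mfa_backend`/`default_backend` config keys are invented for the example.

```python
# Added example, not SATOSA project code. Assumptions: the SAML frontend decorates the
# context with the requested AuthnContextClassRef under Context.KEY_AUTHN_CONTEXT_CLASS_REF,
# and context.target_backend names the backend that handled the response.
try:
    from satosa.context import Context
    from satosa.micro_services.base import RequestMicroService, ResponseMicroService
    KEY_ACR = Context.KEY_AUTHN_CONTEXT_CLASS_REF
except ImportError:  # stand-ins so the example runs without SATOSA installed
    KEY_ACR = "authn_context_class_ref"

    class RequestMicroService:
        def __init__(self, *args, **kwargs):
            pass

        def process(self, context, data):
            return data
    ResponseMicroService = RequestMicroService

REFEDS_MFA = "https://refeds.org/profile/mfa"  # the REFEDS MFA profile ACR value

def wants_mfa(requested_acrs):
    """True if the SP's requested AuthnContextClassRef(s) include the REFEDS MFA profile."""
    if not requested_acrs:
        return False
    if isinstance(requested_acrs, str):
        requested_acrs = [requested_acrs]
    return REFEDS_MFA in requested_acrs

def choose_backend(requested_acrs, mfa_backend, default_backend):
    """Steps 2-3: pick the backend from the ACR only, with no SP entity ID table."""
    return mfa_backend if wants_mfa(requested_acrs) else default_backend

def response_acr(backend_used, mfa_backend, acr_from_idp):
    """Step 4: stamp the MFA ACR only when the MFA backend handled the login;
    otherwise keep whatever ACR the IdP actually asserted."""
    return REFEDS_MFA if backend_used == mfa_backend else acr_from_idp

class DecideBackendByACR(RequestMicroService):
    def __init__(self, config, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.mfa_backend = config["mfa_backend"]          # hypothetical key, e.g. "idp1"
        self.default_backend = config["default_backend"]  # hypothetical key, e.g. "idp2"

    def process(self, context, data):
        requested = context.get_decoration(KEY_ACR)
        context.target_backend = choose_backend(requested, self.mfa_backend, self.default_backend)
        return super().process(context, data)

class StampMfaACR(ResponseMicroService):
    def __init__(self, config, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.mfa_backend = config["mfa_backend"]

    def process(self, context, data):
        data.auth_info.auth_class_ref = response_acr(
            context.target_backend, self.mfa_backend, data.auth_info.auth_class_ref)
        return super().process(context, data)
```

Keeping the IdP's own ACR on the non-MFA path (rather than forcing a fixed value) is what stops a password-only login from ever being reported to the SP as MFA.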