Keycloak and SAML authncontext


I’m using a Keycloak 22 and I need to define external SAML Identity providers.
I managed to create an Identity provider in the keycloak console and it works.
Now I want to require a specific authentication context so I use the option “Requested AuthnContext Constraints” in IDP configuration
Now Keycloak send a SAML request with
<samlp:RequestedAuthnContext Comparison=“exact”>
This is correct
But the IDP respond with an assertion containing

The authncontext is not the one we requeted so Keycloak should refuse the assertion, but it doesn’t ! Why ?
Is it a bug or am i missing something ?

Is there another way to force an authentication level with SAML in a federation context ?

Thanks !