diff --git a/example/backends/spidsaml2.py b/example/backends/spidsaml2.py
index 7c68e8e7..f0e90b61 100644
--- a/example/backends/spidsaml2.py
+++ b/example/backends/spidsaml2.py
@@ -556,7 +556,8 @@ def authn_response(self, context, binding):
 requester = requester,
 accepted_time_diff = accepted_time_diff,
 authn_context_class_ref=authn_context_classref,
- return_addrs=authn_response.return_addrs
+ return_addrs=authn_response.return_addrs,
+ allowed_acrs = self.config['spid_allowed_acrs']
 )
 try:
 validator.run()
diff --git a/example/backends/spidsaml2_validator.py b/example/backends/spidsaml2_validator.py
index 44d5dbd9..adb376a0 100644
--- a/example/backends/spidsaml2_validator.py
+++ b/example/backends/spidsaml2_validator.py
@@ -34,7 +34,8 @@ def __init__(self, authn_response='', issuer='',
 in_response_to='', requester='',
 authn_context_class_ref='https://www.spid.gov.it/SpidL2',
- return_addrs = []):
+ return_addrs = [],
+ allowed_acrs = []):
 self.response = samlp.response_from_string(authn_response)
 self.nameid_formats = nameid_formats
@@ -45,7 +46,7 @@ def __init__(self, authn_response='', issuer='',
 self.requester = requester
 self.return_addrs = return_addrs
 self.issuer = issuer
-
+ self.allowed_acrs = allowed_acrs
 # handled adding authn req arguments in the session state (cookie)
 def validate_in_response_to(self):
@@ -269,8 +270,9 @@ def validate_assertion_authn_statement(self):
 f'{_ERROR_TROUBLESHOOT}'
 )
- # 90, 92, 93
+
 for authns in i.authn_statement:
+ # 90, 92, 93
 if not hasattr(authns, 'authn_context') or \
 not getattr(authns, 'authn_context', None) or \
 not hasattr(authns.authn_context, 'authn_context_class_ref') or \
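Review bot: `allowed_acrs = self.config['spid_allowed_acrs']` raises KeyError for any deployment whose backend YAML predates this commit, so every SPID login then fails with an unhandled exception instead of a validation error. Failing closed is the right outcome, but it should be deliberate: `allowed_acrs = self.config.get('spid_allowed_acrs') or []` keeps the validator's own rejection path (an empty list matches nothing), or, presumably better, reject a missing key with a clear configuration error when the backend is built rather than at response time. The enclosing `authn_response` body starts and ends outside the hunk.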
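Review bot: `allowed_acrs = []` adds a second mutable default argument next to `return_addrs = []`, and the assignment in the following hunk (`self.allowed_acrs = allowed_acrs`, new line 46) stores the object as-is, so a caller that passes a bare string from YAML instead of a list would turn the later `not in self.allowed_acrs` test into a substring match. Suggest `allowed_acrs=None` in the signature and, at the assignment, `if isinstance(allowed_acrs, str): raise TypeError('allowed_acrs must be a list of ACR URIs')` followed by `self.allowed_acrs = list(allowed_acrs or [])`. That hunk also drops the blank line so the existing `# handled adding authn req arguments in the session state (cookie)` comment now sits directly under the new attribute and reads as if it described it; keep the blank line or give the new attribute its own one-line comment.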
@@ -290,12 +292,12 @@ def validate_assertion_authn_statement(self):
 level_sp = int(self.authn_context_class_ref[-1])
 level_idp = int(authns.authn_context.authn_context_class_ref.text.strip().replace('\n', '')[-1])
 if level_idp < level_sp:
- raise SpidError(_msg)
+ raise SPIDValidatorException(_msg)
 except Exception as e:
- raise SpidError(_msg)
+ raise SPIDValidatorException(_msg)
 # 97
- if authns.authn_context.authn_context_class_ref.text != self.authn_context_class_ref:
+ if authns.authn_context.authn_context_class_ref.text not in self.allowed_acrs:
 raise SPIDValidatorException(
 'Assertion authn_statement.authn_context.authn_context_class_ref is missing/invalid. '
 f'{_ERROR_TROUBLESHOOT}'
diff --git a/example/plugins/backends/spidsaml2_backend.yaml b/example/plugins/backends/spidsaml2_backend.yaml
index 087cc0c7..06e23c67 100644
--- a/example/plugins/backends/spidsaml2_backend.yaml
+++ b/example/plugins/backends/spidsaml2_backend.yaml
@@ -12,6 +12,11 @@ config:
 # make metadata downloadable from entityid url
 entityid_endpoint: true
+ spid_allowed_acrs:
+ - https://www.spid.gov.it/SpidL1
+ - https://www.spid.gov.it/SpidL2
+ - https://www.spid.gov.it/SpidL3
+
 acr_mapping:
 "": 'https://www.spid.gov.it/SpidL2'
 # specify AuthnContext per IdP
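Review bot: The new membership test compares the raw `authn_context_class_ref.text`, while the level comparison a few lines above first applies `.strip().replace('\n', '')`, so a value that passes the level check can still be rejected by the list check purely because of surrounding whitespace, and the `missing/invalid` message does not say which of the two checks failed. Normalise once and reuse it: `acr = authns.authn_context.authn_context_class_ref.text.strip().replace('\n', '')`, then `level_idp = int(acr[-1])` and `if acr not in self.allowed_acrs:`. The `level_idp < level_sp` guard still enforces the level taken from `self.authn_context_class_ref` as a minimum, so widening the accepted set to the configured list does not by itself let an IdP answer with a lower level than requested; a comment on the `# 97` line stating that the list check is an allow-list on top of that minimum would make the split of responsibilities explicit. `e` in `except Exception as e:` is unused and could be dropped. `validate_assertion_authn_statement` starts and ends outside the hunk.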
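Review bot: `spid_allowed_acrs` is introduced without a comment, unlike the neighbouring `entityid_endpoint` and `acr_mapping` keys, so an operator cannot tell from the file that this list is the set of AuthnContextClassRef values accepted from the IdP or that leaving it empty rejects every assertion. Suggest adding above it `# AuthnContextClassRef values accepted in IdP assertions; the level requested via acr_mapping is still enforced as a minimum by the validator`, which follows from the validator change in this commit.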