diff --git a/CHANGELOG.md b/CHANGELOG.md
index 88bd464..7e9e4fc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## v6.0.7
+
+* Fix for RequestedAuthnContext and AuthnContextClassRef being the wrong way around in built SAML requests
+
 ## v6.0.6
 
 * Github build fixes
diff --git a/services/saml/request/SamlRequestBuilder.cfc b/services/saml/request/SamlRequestBuilder.cfc
index 5ff7da6..1ac3444 100644
--- a/services/saml/request/SamlRequestBuilder.cfc
+++ b/services/saml/request/SamlRequestBuilder.cfc
@@ -23,8 +23,8 @@ component {
 		, required string nameIdFormat
 		, required string privateSigningKey
 		, required string publicSigningCert
-		,          string acClassRef        = "exact" // backward compat
-		,          string acClassComparison = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
+		,          string acClassRef        = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
+		,          string acClassComparison = "exact" // backward compat
 	) {
 		var nowish  = getInstant();
 		var xml  = _getXmlHeader();
diff --git a/tests/unit/SamlIdentityProviderServiceTest.cfc b/tests/unit/SamlIdentityProviderServiceTest.cfc
index 5a420c2..d08c30e 100644
--- a/tests/unit/SamlIdentityProviderServiceTest.cfc
+++ b/tests/unit/SamlIdentityProviderServiceTest.cfc
@@ -96,8 +96,8 @@ component extends="testbox.system.BaseSpec" {
 				, postAuthHandler   = "some.handler"
 				, entityIdSuffix    = ""
 				, loginUrl          = "/test/"
-				, acClassRef        = "exact"
-				, acClassComparison = "test"
+				, acClassRef        = "test"
+				, acClassComparison = "exact"
 			},
 			"JumpCloud" : {}
 		};