This operates in two different scenarios: ordinary use and proxy SAML authentication use, detectable
by whether the input context is parent-less (the former), or the child of an
In normal use, the value returned is false, requiring it to be explicitly superceded.
In proxy use, the value returned is false unless the parent context itself indicates the use of forced authentication, which was itself established in most cases from this function running previously or being overridden by a default. In other words, the proxy default is "passthrough" of the value.