Add configuration to the handler on the sp side that generates the authnrequest to add an authncontextclassref such as:
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
Maybe can use shorthands such as password,kerberos,x509 etc for the standard class refs. If not standard shorthand, we use the fqn.