At the moment, if the AuthnContextClassRef is not one of allowed values, system throws an exception, i.e ValueError: 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' is not a valid LevelOfAssurance
System should either provide human friendly error message "Authentication request is not valid because of invalid value of LevelOfAssurence", or it should redirect back to Service Provider with the same message.
At the moment, if the AuthnContextClassRef is not one of allowed values, system throws an exception, i.e
ValueError: 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' is not a valid LevelOfAssurance
System should either provide human friendly error message "Authentication request is not valid because of invalid value of LevelOfAssurence", or it should redirect back to Service Provider with the same message.