This is the IDP responding with an error code saying that no correct authentication context has been provided.
In your IDP settings you can configure the authentication context (tab page: 'Request Authn Context'). Some IDPs require an option here while other force you to send nothing.
Connecting to a windows ADFS server the most common required Authentication context class is : "Integrated Windows Authentication" | "urn:federation:authentication:windows"
the other commonly used opion is: "Secure Remote Password" | "urn:oasis:names:tc:SAML:2.0:ac:classes:SecureRemotePassword"
If you are connecting with ADFS I would suggest you validate you have the integrated windows option selected. As I said before not every ADFS server requires this, the required/allowed options in this list vary over IDPs
Edit: The options I have seen for most ADFS providers are as follows: Authentication context class is : "Integrated Windows Authentication" | "urn:federation:authentication:windows" Disabled Name ID policy (check the box so the module doesn't need this policy). Authentication Context: Minimum (stronger than)