...
Alternatively, the SP may include only http://id.incommon.org/assurance/silver in the SAML AuthnRequest element, and if the SP returns an error (i.e., opensaml::FatalProfileException), possibly indicating the particular user is not Silver qualified, the SP makes a new request without a AuthnRequest element, resulting in a lower LOA authentication. Again, ideally the user will not be prompted to authenticate a second time for this second request by the SP, i.e., the IdP has set a cookie in the user's browser.
...