Currently the claims sent to the IdP are configured using the `oidc.userinfoclaims` and `oidc.idtokenclaims` configuration options. However, these only allow specifying a list of keys to be added to the claims, while the values are all set to `null`. For the default XWiki claims this is OK. But some claims, such as the ACR claim used for step-up authentication, may require values to be set. This is not possible in the current setup. It should be possible to specify the full JSON to be sent as the claim as an alternative to the current approach.
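
The difference between the two forms, as an added example that is not XWiki's code: it builds the OIDC `claims` request object from key lists (all values `null`) or, alternatively, from a full JSON string that can carry an ACR request with values. The function names, the sample claim keys and the ACR value `urn:example:acr:mfa` are constructed for illustration, and the type checks are this example's own strictness.

```python
import json
from urllib.parse import urlencode

def claims_from_keys(userinfo_keys, idtoken_keys):
    """Key-list form: every claim is requested with a null value."""
    return {"userinfo": {k: None for k in userinfo_keys},
            "id_token": {k: None for k in idtoken_keys}}

def validate_claims(claims):
    """Type-check a full claims object (shape from OIDC Core 5.5) before use."""
    if not isinstance(claims, dict):
        raise ValueError("claims request must be a JSON object")
    for section in ("userinfo", "id_token"):
        members = claims.get(section, {})
        if not isinstance(members, dict):
            raise ValueError(f"{section} must be a JSON object")
        for name, spec in members.items():
            if spec is None:          # plain request, no constraints
                continue
            if not isinstance(spec, dict):
                raise ValueError(f"{section}.{name} must be null or an object")
            if not isinstance(spec.get("essential", False), bool):
                raise ValueError(f"{section}.{name}.essential must be a boolean")
            if "values" in spec and not (isinstance(spec["values"], list) and spec["values"]):
                raise ValueError(f"{section}.{name}.values must be a non-empty array")
    return claims

def build_claims(userinfo_keys, idtoken_keys, full_json=None):
    """Use the full JSON when given (hypothetical option), else the key lists."""
    if full_json is not None:
        return validate_claims(json.loads(full_json))
    return claims_from_keys(userinfo_keys, idtoken_keys)

def claims_parameter(claims):
    """Serialize as the `claims` query parameter of the authorization request."""
    return urlencode({"claims": json.dumps(claims, separators=(",", ":"))})

# Constructed sample: a step-up request that the key-list form cannot express.
STEP_UP_JSON = json.dumps({
    "userinfo": {"email": None},
    "id_token": {"acr": {"essential": True, "values": ["urn:example:acr:mfa"]}},
})

if __name__ == "__main__":
    print(claims_parameter(build_claims(["email"], ["acr"])))
    print(claims_parameter(build_claims([], [], STEP_UP_JSON)))
```

With key lists alone, `acr` can only be requested as `null`, so the IdP is never told which authentication context is required.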