The Trust Levels class allows you to specify an authentication level or rank for class types that do not appear on the Defaults page and for which you have not defined a contract. The level is used to rank the requested type. Using the authentication level and the comparison context, Identity Server can determine whether any contracts meet the requirements of the request. If one or more contracts match the request, the user is presented with the appropriate authentication prompts. For more information and other configuration options, see Section 5.1.5, Specifying Authentication Defaults and Specifying Authentication Types
Click Devices > Identity Server > Servers > Edit > Local > Classes > Trust Levels.
Click Properties > New, then specify the following values.
Property Name: Specify SetClassTrustLevels.
Property Value: Specify true.
For each class type for which you want to set a level, create a property for that class.
Set the Property Name to the name of the class. For example, use one of the following:
urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol
For additional values, see the SAML2 and Liberty Authentication Context Specifications.
Set the Property Value to the security level or rank you want for the class. A level of 2 is higher than a level of 1.
Click OK, then update the Identity Server.