You can use Access Manager as an identity provider for several service providers. You can configure a specific authentication contract that is required for a service provider. If you have configured more than one authentication contract for a service provider, the contract with minimum level is selected.
When providing authentication to a service provider, Identity Server ensures that the user is authenticated by the required contract. When a user is not authenticated or when a user is authenticated, but the authenticated contracts do not satisfy the required contracts, user is prompted to authenticate with the required contract. This is called step-up authentication.
If no required contract is configured, then the default contract is executed.
Perform the following steps to define options for a WS Federation service provider:
On the Home page, click Applications > Select a Cluster > WS-Fed SP Application > Authentication Card > Options.
Click the Edit icon and select the contracts.
NOTE:Only the contract that is configured first in Selected contracts will be executed.
Only local authentication contracts can be used for WS Federation service provider.
Click Done > Save.