Trusted service providers can send Identity Server an authentication request that contains a request for contract or for an authentication type. When the request is for an authentication type, Identity Server must translate the type to a contract before authenticating the user. You can use the Authentication Type section of the Defaults page to specify which contract to use for the common types (classes).
Identity Server has not implemented all possible types. For types that do not appear on the Defaults page, you can do one of the following:
Define a contract for a class whose URI matches the requested class type. When Identity Server receives the authentication request, it uses the URI to match the request with a contract.
Creating such a contract state that the contract is security equivalent to the class that is being requested. For more information, see Creating a Contract for a Specific Authentication Type.
Use the Trust Levels class to assign an authentication level for the requested class. This level is used to rank the requested type. Using the authentication level and the comparison context, Identity Server can determine whether any contract meets the requirements of the request. If one or more contracts match the request, the user is prompted with the appropriate authentication contract.
For more information, see Configuring the Trust Levels Class.