When the NetIQ Identity Server is configured to federate with multiple external Identity Providers, administrator can specify the list of Authentication Contracts that an external provider can execute. This configuration allows the NetIQ Identity Server (acting as service provider) to automatically select the external identity provider without the user having to click on the external provider's card.
Authentication Contracts in the NetIQ Identity Servers have been enhanced to be configured with an Authentication Class Reference. This reference can be used in federating with External Identity or Service Providers that only respond to AuthnContextClassRef in the Authentication Request and Response. For more information about setting up the contract mapping and adding contracts to the satisfiable list, see Modifying the Authentication Card for Liberty or SAML 2.0 and Section 4.1.4, Configuring Authentication Contracts.