When using a Policy Rule configured with an Attribute-Based Authentication Factor in VIP Authentication Hub (IDSP), the following issues occur:

1. The Authentication Methods Reference (AMR) associated with the factor is missing from the generated id_token after successful verification.
2. An /authenticate call using an existingIDToken that contains the Attribute-Based Factor's AMR is ignored, causing the authentication flow to prompt for the factor instead of skipping it.

• Product: Symantec Identity Security Platform (IDSP) / VIP Authentication Hub
• Version: 4.0.1 and earlier

This issue is due to a confirmed software defect where the AMR claim associated with custom attribute-based factors is not correctly mapped into the final Identity Token or recognized during token hint processing.

This issue is scheduled to be resolved in VIP Authentication Hub version 4.0.2, which is planned for release in April 2026.
There is currently no direct configuration workaround for this behavior in affected versions. Customers requiring this functionality must upgrade to version 4.0.2 or later once available.

Attribute-Based Authentication Factors