diff --git a/app.rb b/app.rb
index 5b445f6..8b5838b 100644
--- a/app.rb
+++ b/app.rb
@@ -225,20 +225,25 @@ def aal_authn_context(aal)
   def vtr_authn_context(ial:, aal:)
     return nil if vtr_disabled?
 
-      values = ['C1']
-
-      values << {
-        '2' => 'C2',
-        '2-phishing_resistant' => 'C2.Ca',
-        '2-hspd12' => 'C2.Cb',
-      }[aal]
-
-      values << {
-        '2' => 'P1',
-        'biometric-comparison-required' => 'P1.Pb',
-      }[ial]
-
-      values.compact.join('.')
+    values = ['C1']
+
+    values << {
+      '2' => 'C2',
+      '2-phishing_resistant' => 'C2.Ca',
+      '2-hspd12' => 'C2.Cb',
+    }[aal]
+
+    values << {
+      '2' => 'P1',
+      'biometric-comparison-required' => 'P1.Pb',
+    }[ial]
+
+    vtr_list = [values.compact.join('.')]
+    if ial == '0'
+      proofing_vector = values.dup + ['P1']
+      vtr_list = [proofing_vector.compact.join('.'), *vtr_list]
+    end
+    vtr_list
   end
 
   def saml_sp_certificate