Hi,
A guest would get back to the authentication page because it's in a loop.
I guess your solution would be to add a rule between Contractor_SSID_Redirect and Contractor_SSID_Access that would say something like:
If Contractor_SSID and GuestFlow and Guest_User => Blacklist/BlackholePortal or whatever portal ISE has for Denied Access.
Your contractors would not hit this rule because they don't belong to a guest user identity group.
This way your guest users logging in using the contractor portal won't get looped anymore.
Thanks,
Octavian