500 Internal error processing a SAML2 AuthnRequest using POST binding

  • 7005367
  • 19-Feb-2010
  • 26-Apr-2012

Environment

Novell Access Manager 3.1 Windows Novell Identity Server
Novell Access Manager 3.1 Linux Novell Identity Server

Situation

A third-party SAML service provider was set up to authenticate against an Access Manager Identity Server. When the SAML AuthnRequest reached the Identity Server, the server responded with a 500 Internal Error, as shown in the captured request and response below:

GET /nidp/saml2/sso?id=1&sid=2&option=credential&sid=2 HTTP/1.1
Host: misiamdevam1.novell.swk:8443
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: https://misiamdevam1.novell.swk:8443/nidp/jsp/content.jsp?sid=2&id=1&sid=2
Cookie: JSESSIONID=D776B83165E60EDE54074595A893E929; WT_FPC=id=10.120.4.132-2773333712.30053278:lv=1266504279298:ss=1266503511026; WT_DC=tsp=1; mbox=PC#1266335423549-219660.13#1267548334|check#true#1266338794|session#1266338715124-675927#1266340594; IPCZQX03a36c6c0a=00000b000a780484c90ff8e621d99e896782a1dd

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 1932
Date: Thu, 18 Feb 2010 14:46:03 GMT
Connection: close

The catalina.out debug logs from the Identity Server gave no reason for the error.

Resolution

Enable the 'show card' attribute on the default Authentication contract.

All contracts defined on the Identity Server had the 'show card' option disabled. Because every incoming request came from an Access Gateway that referenced a specific contract, executing those contracts caused no issues. With SAML, the service provider did not specify any authentication type, so the Identity Server had to execute the default contract. To do that, the contract's card must be displayed, and because there were no cards to display, the 500 error was thrown.
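To tell in advance whether a service provider's AuthnRequest will fall through to the default contract (the case that triggered this error), the following added example decodes the SAMLRequest form field of a POST binding and reports whether it names any authentication context. It is not Novell code; the AuthnRequest it parses is constructed for illustration, and the function names are assumptions.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample AuthnRequest (not the request captured on this page).
# It carries no RequestedAuthnContext, so the Identity Server would have to
# execute its default contract for it.
SAMPLE_AUTHN_REQUEST = """<samlp:AuthnRequest
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_constructed-id-1" Version="2.0" IssueInstant="2010-02-18T14:46:03Z"
  AssertionConsumerServiceURL="https://sp.example.test/acs">
  <saml:Issuer>https://sp.example.test/metadata</saml:Issuer>
</samlp:AuthnRequest>"""


def encode_post_binding(authn_request_xml: str) -> str:
    """Build the SAMLRequest form value of a POST binding: base64 of the raw XML."""
    return base64.b64encode(authn_request_xml.encode("utf-8")).decode("ascii")


def decode_post_binding(saml_request_param: str) -> ET.Element:
    """Decode a SAMLRequest form value back into the AuthnRequest element."""
    root = ET.fromstring(base64.b64decode(saml_request_param))
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError(f"expected samlp:AuthnRequest, got {root.tag}")
    return root


def requested_contexts(root: ET.Element) -> list:
    """Return every AuthnContextClassRef the SP asked for (empty if none)."""
    return [e.text.strip()
            for e in root.iter(f"{{{SAML_NS}}}AuthnContextClassRef")
            if e.text and e.text.strip()]


def uses_default_contract(saml_request_param: str) -> bool:
    """True when the request names no authentication context, meaning the
    Identity Server will fall back to its default contract (whose card must
    therefore be displayable, as the resolution above requires)."""
    return not requested_contexts(decode_post_binding(saml_request_param))


if __name__ == "__main__":
    print("default contract used:",
          uses_default_contract(encode_post_binding(SAMPLE_AUTHN_REQUEST)))
```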