Untrusted Certificate-chain reported when sending artifact to 3rd party IDP

  • 7009461
  • 30-Sep-2011
  • 17-Feb-2015

Environment

Novell Access Management 3.1
Novell Access Management 3.1 Support Pack 3
Novell Access Manager 3.1 Access Administration

Situation

The customer had set up a SAML relationship to a 3rd party IDP.
When sending the artifact to the defined ArtifactResolutionService endpoint, an error was reported.

The catalina.out showed the following:
<amLogEntry> 2011-02-31T09:34:50Z VERBOSE NIDS Application: Attempting to connect to URL: https://test1.example1.com/opensso/ArtifactResolver/metaAlias/nl/idp via POST </amLogEntry>

<amLogEntry> 2011-02-31T09:34:50Z DEBUG NIDS Application:
Method: URLUtil.connectToURL
Thread: http-10.200.21.23-8443-Processor2
Error connecting to URL java.security.cert.CertificateException: Untrusted Certificate-chain </amLogEntry>

Resolution

The certificate assigned to the ArtifactResolutionService endpoint was different from the one defined in the imported metadata, and hence the trusted roots didn't match.
The problem was resolved by getting updated metadata from the 3rd party IDP with the correct certificate listed and importing the matching trusted root certificates.
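
A diagnostic for the mismatch described above, as an added example that is not part of the original document or of Access Manager: it extracts the certificates listed in SAML metadata and checks whether the certificate presented by the ArtifactResolutionService endpoint is among them. The function names, the entityID and the placeholder certificate bytes are constructed for illustration, and it assumes the metadata lists the endpoint's certificate in a KeyDescriptor.

```python
import base64, hashlib, socket, ssl
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def sha256_hex(der):
    return hashlib.sha256(der).hexdigest()

def metadata_info(xml_text):
    """Return (ArtifactResolutionService URLs, SHA-256 fingerprints of listed certs)."""
    root = ET.fromstring(xml_text)  # load metadata only from a source you trust
    urls = [e.get("Location") for e in root.iterfind(".//md:ArtifactResolutionService", NS)]
    fps = {sha256_hex(base64.b64decode("".join(e.text.split())))
           for e in root.iterfind(".//md:KeyDescriptor//ds:X509Certificate", NS)}
    return urls, fps

def endpoint_fingerprint(url, timeout=10):
    """SHA-256 of the leaf certificate the endpoint actually presents."""
    parts = urlsplit(url)
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # read-only probe: trust is what is being diagnosed
    with socket.create_connection((parts.hostname, parts.port or 443), timeout=timeout) as s:
        with ctx.wrap_socket(s, server_hostname=parts.hostname) as tls:
            return sha256_hex(tls.getpeercert(binary_form=True))

def metadata_lists(xml_text, presented_fp):
    """True when the presented certificate is one the imported metadata lists."""
    return presented_fp in metadata_info(xml_text)[1]

# Constructed sample: placeholder bytes stand in for DER certificates.
OLD_DER, NEW_DER = b"constructed-cert-in-metadata", b"constructed-cert-on-endpoint"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://test1.example1.com/opensso">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(OLD_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:ArtifactResolutionService index="0"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
      Location="https://test1.example1.com/opensso/ArtifactResolver/metaAlias/nl/idp"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    # Against a live IDP, pass endpoint_fingerprint(url) instead of the constructed value.
    print("stale metadata:", not metadata_lists(SAMPLE_METADATA, sha256_hex(NEW_DER)))
```

A False result from metadata_lists means the imported metadata is stale relative to the endpoint, which is the condition that called for requesting updated metadata and importing the matching trusted roots.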