Environment
Novell Access Management 3.1 Support Pack 3
Situation
Customer had set up a SAML relationship to a third-party IDP.
When sending the artifact to the defined ArtifactResolutionService endpoint, an error was reported.
The catalina.out showed the following:
<amLogEntry> 2011-02-31T09:34:50Z VERBOSE NIDS Application: Attempting to connect to URL: https://test1.example1.com/opensso/ArtifactResolver/metaAlias/nl/idp via POST </amLogEntry>
<amLogEntry> 2011-02-31T09:34:50Z DEBUG NIDS Application:
Method: URLUtil.connectToURL
Thread: http-10.200.21.23-8443-Processor2
Error connecting to URL java.security.cert.CertificateException: Untrusted Certificate-chain </amLogEntry>
Resolution
The certificate that was assigned to the ArtifactResolutionService endpoint was different from the one that was defined in the imported metadata, and hence the trusted roots didn't match.
The problem was resolved by getting updated metadata from the third-party IDP with the correct certificate listed and importing the matching trusted root certificates.
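One way to confirm this mismatch before requesting new metadata is to compare the fingerprint of the certificate the endpoint presents with the certificates listed in the imported metadata. The following is an added example, not Novell code; it assumes the metadata carries its certificates in KeyDescriptor/X509Certificate elements, and the sample metadata, entityID and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import ssl
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def metadata_certs(metadata_xml: str) -> dict:
    """Map fingerprint -> KeyDescriptor 'use' for each certificate in the metadata."""
    found = {}
    for kd in ET.fromstring(metadata_xml).iter(MD + "KeyDescriptor"):
        for cert in kd.iter(DS + "X509Certificate"):
            b64 = "".join((cert.text or "").split())  # metadata often wraps the base64
            if b64:
                found[fingerprint(base64.b64decode(b64))] = kd.get("use", "unspecified")
    return found

def endpoint_cert(host: str, port: int = 443) -> bytes:
    """Certificate the endpoint presents; the chain is deliberately not validated here."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

def endpoint_matches_metadata(metadata_xml: str, presented_der: bytes) -> bool:
    """True if the presented certificate is one the imported metadata lists."""
    return fingerprint(presented_der) in metadata_certs(metadata_xml)

# Constructed sample data: placeholder bytes stand in for DER certificates.
OLD_DER = b"constructed-placeholder-for-certificate-in-imported-metadata"
NEW_DER = b"constructed-placeholder-for-certificate-now-on-the-endpoint"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/constructed">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(OLD_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    for fp, use in metadata_certs(SAMPLE_METADATA).items():
        print(f"metadata lists {fp} (use={use})")
    for label, der in (("old", OLD_DER), ("new", NEW_DER)):
        print(label, "certificate listed in metadata:", endpoint_matches_metadata(SAMPLE_METADATA, der))
```

Against a live endpoint, pass the result of `endpoint_cert(host, port)` as `presented_der`. A mismatch only confirms the condition described above; trust in the new certificate should still come from the updated metadata and trusted roots, not from what the endpoint presents.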