Error 300101050 posted when using a self-signed certificate in a SAML2 federated environment

  • 7018778
  • 05-Apr-2017
  • 01-Jun-2017


NetIQ Access Manager 4.2.x


NetIQ Access Manager (NAM) 4.2 with SAML2 federation. NAM is configured as the Identity Provider (IdP). A Service Provider (SP) has been configured using a self-signed certificate. An IdP-initiated Single Sign-On (SSO) fails with the following error, logged in the catalina.out of the IdP server:
"300101050-<IDP id>, The request to provide authentication to a service provider has failed.:The Authentication Card specified is not valid."

An additional error message is logged:
"The request's authentication card was not found. Either id[null] or PID [] of the card is missing or is invalid."


Creating a new self-signed certificate resolved the issue.


The self-signed certificate was created as a CA certificate, which should not be used to identify the server. In addition, checking the certificate's validity with the command "certutil -dump server-cert.der" returned the following message:
"Possible Root Certificate: Subject matches Issuer, but Signature check fails: 80090006"

The Admin Console accepted the certificate as valid, but it was deemed invalid when used to set up a secure connection between the IdP and the SP.
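
The two conditions described above (a failing self-signature and a certificate marked as a CA) can be checked before the SP certificate is imported. The following is an added example, not part of the original document or NetIQ's code; it assumes the `openssl` command-line tool is installed, and `check_sp_cert` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example, not NetIQ code. check_sp_cert is a hypothetical helper name.
# Assumes the openssl CLI is installed. Accepts a PEM or DER certificate file.
# Returns 0 = no findings, 1 = at least one finding, 2 = file not parseable.
check_sp_cert() {
    cert=$1
    rc=0
    pem=$(mktemp) || return 2
    # Normalise the input to PEM so the checks below work for either encoding.
    if ! openssl x509 -in "$cert" -inform PEM -out "$pem" 2>/dev/null &&
       ! openssl x509 -in "$cert" -inform DER -out "$pem" 2>/dev/null; then
        echo "error: $cert is not a readable X.509 certificate"
        rm -f "$pem"
        return 2
    fi
    subject=$(openssl x509 -in "$pem" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$pem" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    if [ "$subject" = "$issuer" ]; then
        # Subject matches Issuer, so the signature must verify under the
        # certificate's own public key. -check_ss_sig is needed because
        # openssl verify skips the signature on a self-signed anchor by default.
        if out=$(openssl verify -check_ss_sig -CAfile "$pem" "$pem" 2>&1); then
            echo "self-signature: ok"
        else
            rc=1
            case $out in
                *"signature failure"*) echo "self-signature: FAILED" ;;
                *) echo "self-signature: not confirmed (openssl verify reported another error)" ;;
            esac
        fi
    else
        echo "self-signature: n/a (issued by: $issuer)"
    fi
    # CA:TRUE marks a certificate meant to sign other certificates, which
    # should not be the certificate that identifies the server itself.
    if openssl x509 -in "$pem" -noout -text | grep -q 'CA:TRUE'; then
        echo "basicConstraints: CA:TRUE (finding)"
        rc=1
    else
        echo "basicConstraints: not a CA"
    fi
    rm -f "$pem"
    return $rc
}
```

Run it against the SP certificate file, for example `check_sp_cert server-cert.der`, before importing the certificate.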